From 1ad0fcf1b6b414e629be3b92e486653713902a56 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 17 Jan 2025 13:52:33 +0100 Subject: [PATCH 0001/1064] improve check for auth.docker.io Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 7424c436..bca074ae 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -285,7 +285,7 @@ fi # Check if auth.docker.io is reachable # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 -if ! curl https://auth.docker.io/token | grep -q token; then +if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then print_red "Could not reach https://auth.docker.io." echo "Most likely is something blocking access to it." echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install" From a425f5b49bc2a82eeb9e714acdb799ef0a4c96e1 Mon Sep 17 00:00:00 2001 From: Thorsten Schaefer Date: Fri, 17 Jan 2025 19:07:37 +0100 Subject: [PATCH 0002/1064] Support custom port for onlyoffice Signed-off-by: Thorsten Schaefer --- Containers/apache/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index d635f329..64fb5f93 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -40,7 +40,7 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443, route /onlyoffice/* { uri strip_prefix /onlyoffice reverse_proxy {$ONLYOFFICE_HOST}:80 { - header_up X-Forwarded-Host {http.request.host}/onlyoffice + header_up X-Forwarded-Host {http.request.hostport}/onlyoffice header_up X-Forwarded-Proto https } } From ec3895beef69361672a1d32374050f9123eab647 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 20 Jan 2025 13:36:10 +0100 Subject: [PATCH 0003/1064] apache: add docs to aio interface Signed-off-by: Simon L. --- php/containers.json | 1 + 1 file changed, 1 insertion(+) diff --git a/php/containers.json b/php/containers.json index 1457b0de..57117d83 100644 --- a/php/containers.json +++ b/php/containers.json @@ -3,6 +3,7 @@ { "container_name": "nextcloud-aio-apache", "image_tag": "%AIO_CHANNEL%", + "documentation": "https://github.com/nextcloud/all-in-one/discussions/2105", "depends_on": [ "nextcloud-aio-onlyoffice", "nextcloud-aio-collabora", From c578a6e3f3d521a01361e83d4e278a429031f9f4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 20 Jan 2025 13:20:06 +0100 Subject: [PATCH 0004/1064] DockerActionManager: improve the logging Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- php/src/Docker/DockerActionManager.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index f040e169..8c2d3abe 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -46,7 +46,7 @@ readonly class DockerController { if ($pullImage) { if (!$this->dockerActionManager->isDockerHubReachable($container)) { $pullImage = false; - error_log('Not pulling the image for the ' . $container->GetContainerName() . ' container because docker hub does not seem to be reachable.'); + error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.'); } } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e3d7c337..3ec37499 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -167,7 +167,7 @@ readonly class DockerActionManager { try { $this->guzzleClient->post($url); } catch (RequestException $e) { - throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage()); + throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents()); } } @@ -588,7 +588,7 @@ readonly class DockerActionManager { ] ); } catch (RequestException $e) { - throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getMessage()); + throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents()); } } @@ -623,7 +623,7 @@ readonly class DockerActionManager { try { $this->guzzleClient->post($url); } catch (RequestException $e) { - $message = "Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed."; + $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents(); if ($imageIsThere === false) { throw new \Exception($message); } else { @@ -883,7 +883,7 @@ readonly class DockerActionManager { } catch (RequestException $e) { // 409 is undocumented and gets thrown if the network already exists. if ($e->getCode() !== 409) { - throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage()); + throw new \Exception("Could not create the nextcloud-aio network: " . $e->getResponse()?->getBody()->getContents()); } } } From 03b846b3f435e9eb9b7df06463cea76eddf98387 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 21 Jan 2025 14:49:56 +0100 Subject: [PATCH 0005/1064] aio-interface: update wording for entering the domain Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 57dfc3f1..54dc563d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -101,7 +101,7 @@ {% else %}

AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.

{% endif %} -

Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.

+

Please type the domain that will be used for Nextcloud.

{% if skip_domain_validation == true %}

Please note: The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!

{% endif %} From bfc5f4044836740f814567f58e4ba1c9dfaac4a9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 27 Jun 2024 10:59:08 +0200 Subject: [PATCH 0006/1064] community-containers: add makemkv Signed-off-by: Simon L. --- community-containers/makemkv/makemkv.json | 58 +++++++++++++++++++++++ community-containers/makemkv/readme.md | 20 ++++++++ php/containers-schema.json | 2 +- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 community-containers/makemkv/makemkv.json create mode 100644 community-containers/makemkv/readme.md diff --git a/community-containers/makemkv/makemkv.json b/community-containers/makemkv/makemkv.json new file mode 100644 index 00000000..e8d7f8dd --- /dev/null +++ b/community-containers/makemkv/makemkv.json @@ -0,0 +1,58 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-makekv", + "display_name": "MakeMKV", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/makemkv", + "image": "jlesage/makemkv", + "image_tag": "latest", + "internal_port": "5802", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "", + "port_number": "5802", + "protocol": "tcp" + } + ], + "volumes": [ + { + "source": "nextcloud_aio_makemkv", + "destination": "/config", + "writeable": true + }, + { + "source": "%NEXTCLOUD_DATADIR%", + "destination": "/storage", + "writeable": false + }, + { + "source": "%NEXTCLOUD_MOUNT%", + "destination": "/output", + "writeable": true + }, + { + "source": "/dev", + "destination": "/dev", + "writeable": false + } + ], + "environment": [ + "TZ=%TIMEZONE%", + "SECURE_CONNECTION=1", + "WEB_AUTHENTICATION=1", + "USER_ID=33", + "GROUP_ID=33", + "WEB_AUTHENTICATION_USERNAME=makemkv", + "WEB_AUTHENTICATION_PASSWORD=%MAKEMKV_PASSWORD%", + "WEB_LISTENING_PORT=5802" + ], + "secrets": [ + "MAKEMKV_PASSWORD" + ], + "backup_volumes": [ + "nextcloud_aio_makemkv" + ] + } + ] +} diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md new file mode 100644 index 00000000..fa26be40 --- /dev/null +++ b/community-containers/makemkv/readme.md @@ -0,0 +1,20 @@ +## MakeMKV +This container bundles MakeMKV and auto-configures it for you. + +### Notes +- This container should only be run in home networks +- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being. +- This container only works on Linux and not on Docker-Desktop. +- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly.. +- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning). +- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it) +- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container. +- The config data of MakeMKV will be automatically included in AIOs backup solution! +- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/jlesage/docker-makemkv + +### Maintainer +https://github.com/szaimen diff --git a/php/containers-schema.json b/php/containers-schema.json index 9f2141d3..8b59c3d8 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -213,7 +213,7 @@ }, "source": { "type": "string", - "pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%))$" + "pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev))$" }, "writeable": { "type": "boolean" From 7468386397b23fb9828bc8e8de961f2ca581fe63 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 16 Jan 2025 16:37:37 +0100 Subject: [PATCH 0007/1064] add borgbackup-viewer community container Signed-off-by: Simon L. --- .../borgbackup-viewer/borgbackup-viewer.json | 70 +++++++++++++++++++ .../borgbackup-viewer/readme.md | 17 +++++ php/src/Docker/DockerActionManager.php | 10 ++- php/templates/containers.twig | 3 + readme.md | 6 ++ 5 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 community-containers/borgbackup-viewer/borgbackup-viewer.json create mode 100644 community-containers/borgbackup-viewer/readme.md diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json new file mode 100644 index 00000000..417cc660 --- /dev/null +++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json @@ -0,0 +1,70 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-borgbackup-viewer", + "image_tag": "v1", + "display_name": "Borg Backup Viewer", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer", + "image": "szaimen/aio-borgbackup-viewer", + "internal_port": "5801", + "ports": [ + { + "ip_binding": "", + "port_number": "5801", + "protocol": "tcp" + } + ], + "environment": [ + "BORG_HOST_ID=nextcloud-aio-borgbackup-viewer", + "WEB_AUTHENTICATION_USERNAME=nextcloud", + "WEB_AUTHENTICATION_PASSWORD=%BORGBACKUP_VIEWER_PASSWORD%", + "WEB_LISTENING_PORT=5801", + "BORG_PASSPHRASE=%BORGBACKUP_PASSWORD%", + "BORG_REPO=/mnt/borgbackup/borg" + ], + "secrets": [ + "BORGBACKUP_VIEWER_PASSWORD", + "BORGBACKUP_PASSWORD" + ], + "volumes": [ + { + "source": "nextcloud_aio_backup_cache", + "destination": "/root", + "writeable": true + }, + { + "source": "%NEXTCLOUD_DATADIR%", + "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data", + "writeable": true + }, + { + "source": "nextcloud_aio_mastercontainer", + "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer", + "writeable": true + }, + { + "source": "%BORGBACKUP_HOST_LOCATION%", + "destination": "/mnt/borgbackup", + "writeable": true + }, + { + "source": "nextcloud_aio_elasticsearch", + "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch", + "writeable": true + }, + { + "source": "nextcloud_aio_redis", + "destination": "/mnt/redis", + "writeable": true + } + ], + "devices": [ + "/dev/fuse" + ], + "cap_add": [ + "SYS_ADMIN" + ], + "apparmor_unconfined": true + } + ] +} diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md new file mode 100644 index 00000000..42b692ec --- /dev/null +++ b/community-containers/borgbackup-viewer/readme.md @@ -0,0 +1,17 @@ +## Borgbackup Viewer +This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser. + +### Notes +- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning). +- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance! +- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly. +- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button. +- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-borgbackup-viewer + +### Maintainer +https://github.com/szaimen + diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e3d7c337..39c612cf 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -541,19 +541,23 @@ readonly class DockerActionManager { $mounts = []; // Special things for the backup container which should not be exposed in the containers.json - if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') { + if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) { // Additional backup directories foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) { if ($additionalBackupVolumes !== '') { $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false]; } } + + // Make volumes read only in case of borgbackup container. The viewer makes them writeable + $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup'; + foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) { if ($additionalBackupDirectories !== '') { if (!str_starts_with($additionalBackupDirectories, '/')) { - $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => true]; + $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly]; } else { - $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => true, "BindOptions" => ["NonRecursive" => true]]; + $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly, "BindOptions" => ["NonRecursive" => true]]; } } } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 57dfc3f1..91c5f2a7 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -504,6 +504,9 @@ {% endif %} {% if has_backup_run_once == true %} +

Backup Viewer

+

There is now a community container that allows to access your backups in a web session. See this documentation.

+

Backup check

Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.

diff --git a/readme.md b/readme.md index a494ca11..88dec7a0 100644 --- a/readme.md +++ b/readme.md @@ -493,6 +493,9 @@ In this example, it would mount `E:\your\backup\path` into the volume so for a d #### Pro-tip: Backup archives access You can open the BorgBackup archives on your host by following these steps:
(instructions for Ubuntu Desktop) + +Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer. + ```bash # Install borgbackup on the host sudo apt update && sudo apt install borgbackup @@ -520,6 +523,9 @@ sudo umount /tmp/borg #### Delete backup archives manually You can delete BorgBackup archives on your host manually by following these steps:
(instructions for Debian based OS' like Ubuntu) + +Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer. + ```bash # Install borgbackup on the host sudo apt update && sudo apt install borgbackup From 4def229eea8ca1d2a3e5edd55fbfab95df0d1f4b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 21 Jan 2025 22:43:35 +0100 Subject: [PATCH 0008/1064] add scrutiny community container Signed-off-by: Simon L. --- community-containers/scrutiny/readme.md | 15 ++++++ community-containers/scrutiny/scrutiny.json | 55 +++++++++++++++++++++ php/containers-schema.json | 2 +- 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 community-containers/scrutiny/readme.md create mode 100644 community-containers/scrutiny/scrutiny.json diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md new file mode 100644 index 00000000..8beb3869 --- /dev/null +++ b/community-containers/scrutiny/readme.md @@ -0,0 +1,15 @@ +## Scrutiny +This container bundles Scrutiny and auto-configures it for you. + +### Notes +- This container should only be run in home networks +- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being. +- This container only works on Linux and not on Docker-Desktop. +- After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives. +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-scrutiny + +### Maintainer +https://github.com/szaimen diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json new file mode 100644 index 00000000..6d0900fd --- /dev/null +++ b/community-containers/scrutiny/scrutiny.json @@ -0,0 +1,55 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-scrutiny", + "display_name": "Scrutiny", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny", + "image": "szaimen/aio-scrutiny", + "image_tag": "v1", + "internal_port": "8000", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "", + "port_number": "8000", + "protocol": "tcp" + } + ], + "cap_add": [ + "SYS_RAWIO", + "SYS_ADMIN" + ], + "environment": [ + "TZ=%TIMEZONE%", + "SCRUTINY_WEB_LISTEN_PORT=8000", + "COLLECTOR_API_ENDPOINT=http://127.0.0.1:8000" + ], + "volumes": [ + { + "source": "nextcloud_aio_scrutiny", + "destination": "/opt/scrutiny/config", + "writeable": true + }, + { + "source": "nextcloud_aio_scrutiny_db", + "destination": "/opt/scrutiny/influxdb", + "writeable": true + }, + { + "source": "/run/udev", + "destination": "/run/udev", + "writeable": false + }, + { + "source": "/dev", + "destination": "/dev", + "writeable": false + } + ], + "backup_volumes": [ + "nextcloud_aio_scrutiny", + "nextcloud_aio_scrutiny_db" + ] + } + ] +} diff --git a/php/containers-schema.json b/php/containers-schema.json index 8b59c3d8..4f030e8f 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -213,7 +213,7 @@ }, "source": { "type": "string", - "pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev))$" + "pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev)|(/run/udev))$" }, "writeable": { "type": "boolean" From 895f4b82e3fcb112821afa2b7938327b467ef0d4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 22 Jan 2025 16:51:55 +0100 Subject: [PATCH 0009/1064] talk: automatically bind ipv4 only if ipv6 is disabled Signed-off-by: Simon L. --- Containers/talk/start.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index e73525b8..c382f7f1 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -30,14 +30,21 @@ if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_ IPv4_ADDRESS_TALK="" fi +IP_BINDING="::" +if grep -q "1" /sys/module/ipv6/parameters/disable \ +|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.all.disable_ipv6" | grep -q "1" \ +|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.default.disable_ipv6" | grep -q "1"; then + IP_BINDING="0.0.0.0" +fi + # Turn cat << TURN_CONF > "/conf/eturnal.yml" eturnal: listen: - - ip: "::" + - ip: "$IP_BINDING" port: $TALK_PORT transport: udp - - ip: "::" + - ip: "$IP_BINDING" port: $TALK_PORT transport: tcp log_dir: stdout From 0e10cfd20b5c102d406f9b8f646563342403ae89 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 22 Jan 2025 20:47:48 +0100 Subject: [PATCH 0010/1064] move community containers to top as one of the main feature Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index f3f8db61..64a1f6ca 100644 --- a/readme.md +++ b/readme.md @@ -13,6 +13,7 @@ Included are: - Fulltextsearch (optional) - Whiteboard (optional) - Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi)) +- [Community containers](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
And much more: - Simple web interface included that enables easy installation and maintenance @@ -46,7 +47,6 @@ Included are: - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive) -- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap) - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md) - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban) From 16a5c1c04febb041ed9d7fe37d90cf9fcf39fc9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 04:41:11 +0000 Subject: [PATCH 0011/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.1-22 to 1.4.2-23. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 79f6d9cc..e3f1acbd 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.1-22 +FROM clamav/clamav:1.4.2-23 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From 96a577b093a16494c67ea17abff0b152ef8894cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Jan 2025 04:42:08 +0000 Subject: [PATCH 0012/1064] build(deps): bump strukturag/nextcloud-spreed-signaling Bumps strukturag/nextcloud-spreed-signaling from 2.0.1 to 2.0.2. --- updated-dependencies: - dependency-name: strukturag/nextcloud-spreed-signaling dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 3de8dc43..9ab2ac4c 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM nats:2.10.24-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal -FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling +FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.2 AS janus ARG JANUS_VERSION=v1.3.0 From 00a2e88c226cd04e78f2daa44d361eb6c22fa031 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 23 Jan 2025 11:22:07 +0100 Subject: [PATCH 0013/1064] address review Signed-off-by: Simon L. Co-authored-by: Richard Steinmetz Signed-off-by: Simon L. --- Containers/talk/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index c382f7f1..d1037f8c 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -32,8 +32,8 @@ fi IP_BINDING="::" if grep -q "1" /sys/module/ipv6/parameters/disable \ -|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.all.disable_ipv6" | grep -q "1" \ -|| sysctl -a 2>/dev/null | grep "net.ipv6.conf.default.disable_ipv6" | grep -q "1"; then +|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \ +|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then IP_BINDING="0.0.0.0" fi From 1fb631cc51e77d761f339f868f47253ca640165a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 23 Jan 2025 14:18:58 +0100 Subject: [PATCH 0014/1064] add note regarding scalable variant Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md index c15f9e1b..061a7073 100755 --- a/nextcloud-aio-helm-chart/readme.md +++ b/nextcloud-aio-helm-chart/readme.md @@ -1,5 +1,8 @@ # Nextcloud AIO Helm-chart +> [!NOTE] +> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/). + You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below. ### Advantages From 04ef45667ff62f7c09917e103e504d36b035d6b5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 23 Jan 2025 16:28:07 +0100 Subject: [PATCH 0015/1064] containers-schema: allow to specify ui-secret and show in aio interface Signed-off-by: Simon L. --- .../borgbackup-viewer/borgbackup-viewer.json | 1 + community-containers/borgbackup-viewer/readme.md | 2 +- community-containers/lldap/readme.md | 2 +- community-containers/makemkv/makemkv.json | 1 + community-containers/makemkv/readme.md | 2 +- manual-install/update-yaml.sh | 1 + php/containers-schema.json | 4 ++++ php/src/Container/Container.php | 5 +++++ php/src/ContainerDefinitionFetcher.php | 6 ++++++ php/src/Data/ConfigurationManager.php | 4 ++++ php/src/Docker/DockerActionManager.php | 4 ++++ php/templates/containers.twig | 9 +++++++++ 12 files changed, 38 insertions(+), 3 deletions(-) diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json index 417cc660..9b5c58e5 100644 --- a/community-containers/borgbackup-viewer/borgbackup-viewer.json +++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json @@ -26,6 +26,7 @@ "BORGBACKUP_VIEWER_PASSWORD", "BORGBACKUP_PASSWORD" ], + "ui_secret": "BORGBACKUP_VIEWER_PASSWORD", "volumes": [ { "source": "nextcloud_aio_backup_cache", diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md index 42b692ec..dc3d5806 100644 --- a/community-containers/borgbackup-viewer/readme.md +++ b/community-containers/borgbackup-viewer/readme.md @@ -2,7 +2,7 @@ This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser. ### Notes -- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning). +- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). - Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance! - After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly. - You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button. diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 27934d28..74a51c61 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -3,7 +3,7 @@ This container bundles LLDAP server and auto-configures your Nextcloud instance ### Notes - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server. -- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`. +- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the secret that you can see next to the container in the AIO interface. - To configure Nextcloud, you can use the generic configuration proposed below. - For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration - Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html diff --git a/community-containers/makemkv/makemkv.json b/community-containers/makemkv/makemkv.json index e8d7f8dd..22132cb8 100644 --- a/community-containers/makemkv/makemkv.json +++ b/community-containers/makemkv/makemkv.json @@ -50,6 +50,7 @@ "secrets": [ "MAKEMKV_PASSWORD" ], + "ui_secret": "MAKEMKV_PASSWORD", "backup_volumes": [ "nextcloud_aio_makemkv" ] diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md index fa26be40..ed9ce040 100644 --- a/community-containers/makemkv/readme.md +++ b/community-containers/makemkv/readme.md @@ -6,7 +6,7 @@ This container bundles MakeMKV and auto-configures it for you. - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being. - This container only works on Linux and not on Docker-Desktop. - This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly.. -- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning). +- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). - After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it) - The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container. - The config data of MakeMKV will be automatically included in AIOs backup solution! diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index f4d207c3..95c99426 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -14,6 +14,7 @@ cat /tmp/containers.json OUTPUT="$(cat /tmp/containers.json)" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')" +OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')" OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')" diff --git a/php/containers-schema.json b/php/containers-schema.json index 4f030e8f..7a675e60 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -145,6 +145,10 @@ "pattern": "^[A-Z_]+$" } }, + "ui_secret": { + "type": "string", + "pattern": "^[A-Z_]+$" + }, "image_tag": { "type": "string", "pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$" diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php index 0b032e8c..77858283 100644 --- a/php/src/Container/Container.php +++ b/php/src/Container/Container.php @@ -21,6 +21,7 @@ readonly class Container { private array $dependsOn, /** @var string[] */ private array $secrets, + private string $uiSecret, /** @var string[] */ private array $devices, private bool $enableNvidiaGpu, @@ -85,6 +86,10 @@ readonly class Container { return $this->secrets; } + public function GetUiSecret() : string { + return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret); + } + public function GetTmpfs() : array { return $this->tmpfs; } diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 8f7c6a97..6809650c 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -244,6 +244,11 @@ readonly class ContainerDefinitionFetcher { $secrets = $entry['secrets']; } + $uiSecret = ''; + if (isset($entry['ui_secret'])) { + $uiSecret = $entry['ui_secret']; + } + $devices = []; if (isset($entry['devices'])) { $devices = $entry['devices']; @@ -316,6 +321,7 @@ readonly class ContainerDefinitionFetcher { $variables, $dependsOn, $secrets, + $uiSecret, $devices, $enableNvidiaGpu, $capAdd, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e7d6884f..2a0fa3d5 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -33,6 +33,10 @@ class ConfigurationManager } public function GetAndGenerateSecret(string $secretId) : string { + if ($secretId === '') { + return ''; + } + $config = $this->GetConfig(); if(!isset($config['secrets'][$secretId])) { $config['secrets'][$secretId] = bin2hex(random_bytes(24)); diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index c9eb402e..e98a5237 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -1032,6 +1032,10 @@ readonly class DockerActionManager { } } + public function GetAndGenerateSecretWrapper(string $secretId) : string { + return $this->configurationManager->GetAndGenerateSecret($secretId); + } + public function isNextcloudImageOutdated() : bool { $createdTime = $this->GetCreatedTimeOfNextcloudImage(); diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 1a2fd11c..6f0128b3 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -282,6 +282,9 @@ {% if container.GetDocumentation() != '' %} (docs) {% endif %} + {% if container.GetUiSecret() != '' %} + (secret: {{ GetUiSecret.GetUiSecret() }} ) + {% endif %} {% elseif container.GetRunningState().value == 'running' %} @@ -289,6 +292,9 @@ {% if container.GetDocumentation() != '' %} (docs) {% endif %} + {% if container.GetUiSecret() != '' %} + (secret: {{ GetUiSecret.GetUiSecret() }} ) + {% endif %} {% else %} @@ -296,6 +302,9 @@ {% if container.GetDocumentation() != '' %} (docs) {% endif %} + {% if container.GetUiSecret() != '' %} + (secret: {{ GetUiSecret.GetUiSecret() }} ) + {% endif %} {% endif %} From dee3773bf3edf4637abd2a13b08c425682e85772 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 04:57:37 +0000 Subject: [PATCH 0016/1064] build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.62-alpine3.21 to 2.4.63-alpine3.21. --- updated-dependencies: - dependency-name: httpd dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 34bd2df1..1f866552 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.9.1-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.62-alpine3.21 +FROM httpd:2.4.63-alpine3.21 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy From afab39dca9853dd7f2d41f135f9752ac362710e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 04:57:54 +0000 Subject: [PATCH 0017/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.11.3.1 to 24.04.12.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 3bfa837d..08470f88 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.11.3.1 +FROM collabora/code:24.04.12.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 85821b467b5f9866df4a0452cff36f50394b4753 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 04:58:18 +0000 Subject: [PATCH 0018/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 27.5.0-cli to 27.5.1-cli. --- updated-dependencies: - dependency-name: docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 18cf331a..51081511 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:27.5.0-cli AS docker +FROM docker:27.5.1-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy From 2b4f65a0aaa2988165bccd4bac467f6e2ef9f675 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 04:58:35 +0000 Subject: [PATCH 0019/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.10.24-scratch to 2.10.25-scratch. --- updated-dependencies: - dependency-name: nats dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 9ab2ac4c..b334fd1b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.10.24-scratch AS nats +FROM nats:2.10.25-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.2 AS janus From 2efeff2b9608f9f22ceaeb65a834011f112ba7b0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 24 Jan 2025 13:34:14 +0100 Subject: [PATCH 0020/1064] address review Signed-off-by: Simon L. --- community-containers/lldap/lldap.json | 1 + community-containers/nocodb/nocodb.json | 1 + community-containers/nocodb/readme.md | 2 +- community-containers/stalwart/stalwart.json | 1 + php/templates/containers.twig | 6 +++--- 5 files changed, 7 insertions(+), 4 deletions(-) diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json index 3592f179..8f7fba88 100644 --- a/community-containers/lldap/lldap.json +++ b/community-containers/lldap/lldap.json @@ -27,6 +27,7 @@ "LLDAP_JWT_SECRET", "LLDAP_LDAP_USER_PASS" ], + "ui_secret": "LLDAP_JWT_SECRET", "volumes": [ { "source": "nextcloud_aio_lldap", diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json index 8a915c2f..a5d56e13 100644 --- a/community-containers/nocodb/nocodb.json +++ b/community-containers/nocodb/nocodb.json @@ -28,6 +28,7 @@ "NOCODB_JWT_SECRET", "NOCODB_USER_PASS" ], + "ui_secret": "NOCODB_USER_PASS", "volumes": [ { "source": "nextcloud_aio_nocodb", diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md index 8d528928..748c8585 100644 --- a/community-containers/nocodb/readme.md +++ b/community-containers/nocodb/readme.md @@ -17,7 +17,7 @@ This is an alternative of **Airtable**. - You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy. - Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`. - The data of NocoDb will be automatically included in AIOs backup solution! -- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin` +- After adding and starting the container, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin` with the username `admin@noco.db` and the password that you can see in the AIO interface next to the container. - See https://docs.nocodb.com/ for usage of NocoDb - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json index 891bd9da..7858327c 100644 --- a/community-containers/stalwart/stalwart.json +++ b/community-containers/stalwart/stalwart.json @@ -53,6 +53,7 @@ "secrets": [ "STALWART_USER_PASS" ], + "ui_secret": "STALWART_USER_PASS", "volumes": [ { "source": "nextcloud_aio_stalwart", diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 6f0128b3..a3de0b24 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -283,7 +283,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (secret: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ GetUiSecret.GetUiSecret() }} ) {% endif %} {% elseif container.GetRunningState().value == 'running' %} @@ -293,7 +293,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (secret: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ GetUiSecret.GetUiSecret() }} ) {% endif %} {% else %} @@ -303,7 +303,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (secret: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ GetUiSecret.GetUiSecret() }} ) {% endif %} {% endif %} From 4aef95a87a4c6050564139f6dce9299efd422631 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 24 Jan 2025 23:40:18 +0100 Subject: [PATCH 0021/1064] make Tailscale even more prominent Signed-off-by: Simon L. --- compose.yaml | 1 + local-instance.md | 26 +++++++++++++------------- php/templates/containers.twig | 2 +- readme.md | 9 +++++---- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/compose.yaml b/compose.yaml index 8596efd3..61c81a44 100644 --- a/compose.yaml +++ b/compose.yaml @@ -38,6 +38,7 @@ services: # security_opt: ["label:disable"] # Is needed when using SELinux # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 +# # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439 # # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 # caddy: diff --git a/local-instance.md b/local-instance.md index abd99059..27bc147c 100644 --- a/local-instance.md +++ b/local-instance.md @@ -2,14 +2,17 @@ It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. ### Content -- [1. The recommended way](#1-the-recommended-way) -- [2. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge) -- [3. Use Cloudflare](#3-use-cloudflare) -- [4. Buy a certificate and use that](#4-buy-a-certificate-and-use-that) -- [5. Tailscale network](#5-tailscale-network) +- [1. Tailscale network](#0-tailscale-network) +- [2. The normal way](#1-the-recommended-way) +- [3. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge) +- [4. Use Cloudflare](#3-use-cloudflare) +- [5. Buy a certificate and use that](#4-buy-a-certificate-and-use-that) -## 1. The recommended way -The recommended way is the following: +## 1. Tailscale network +This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 + +## 2. The normal way +The normal way is the following: 1. Set up your domain correctly to point to your home network 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port). 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) @@ -18,14 +21,11 @@ The recommended way is the following: **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. -## 2. Use the ACME DNS-challenge +## 3. Use the ACME DNS-challenge You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge -## 3. Use Cloudflare +## 4. Use Cloudflare If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up. -## 4. Buy a certificate and use that +## 5. Buy a certificate and use that If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config. - -## 5. Tailscale network -For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 1a2fd11c..bd86a7fe 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -115,7 +115,7 @@

Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.

Click here for further hints -

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.

+

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.

diff --git a/readme.md b/readme.md index 64a1f6ca..790fb355 100644 --- a/readme.md +++ b/readme.md @@ -232,6 +232,7 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart. ### Notes on Cloudflare (proxy/tunnel) +Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible. - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you. - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel. - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation @@ -273,22 +274,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. ### Can I use an ip-address for Nextcloud instead of a domain? -No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) for configuration without a traditional domain. Or, [consider using NextcloudPi](nextcloudpi.com) for ip-address access locally (it bundles fewer features than AIO). +No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). ### Can I run AIO offline or in an airgapped system? No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more. ### Are self-signed certificates supported for Nextcloud? -No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). +No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). ### Can I use AIO with multiple domains? No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain. ### Are other ports than the default 443 for Nextcloud supported? -No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443. +No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443. ### Can I run Nextcloud in a subdirectory on my domain? -No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). +No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. ### How can I access Nextcloud locally? Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work. From ac54fce52243e54a1b115c2255253e7321908ebe Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 25 Jan 2025 02:05:27 +0100 Subject: [PATCH 0022/1064] fix details Signed-off-by: Simon L. --- local-instance.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/local-instance.md b/local-instance.md index 27bc147c..9557e1c9 100644 --- a/local-instance.md +++ b/local-instance.md @@ -2,11 +2,11 @@ It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. ### Content -- [1. Tailscale network](#0-tailscale-network) -- [2. The normal way](#1-the-recommended-way) -- [3. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge) -- [4. Use Cloudflare](#3-use-cloudflare) -- [5. Buy a certificate and use that](#4-buy-a-certificate-and-use-that) +- [1. Tailscale network](#1-tailscale-network) +- [2. The normal way](#2-the-normal-way) +- [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge) +- [4. Use Cloudflare](#4-use-cloudflare) +- [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that) ## 1. Tailscale network This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 From a07b3b8ccb2eb29399c56797d2f078e158635243 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 25 Jan 2025 02:28:35 +0100 Subject: [PATCH 0023/1064] some more adjustments Signed-off-by: Simon L. --- local-instance.md | 4 ++-- readme.md | 4 ++-- reverse-proxy.md | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/local-instance.md b/local-instance.md index 9557e1c9..4633bc08 100644 --- a/local-instance.md +++ b/local-instance.md @@ -2,13 +2,13 @@ It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain. However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally. ### Content -- [1. Tailscale network](#1-tailscale-network) +- [1. Tailscale](#1-tailscale) - [2. The normal way](#2-the-normal-way) - [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge) - [4. Use Cloudflare](#4-use-cloudflare) - [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that) -## 1. Tailscale network +## 1. Tailscale This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 ## 2. The normal way diff --git a/readme.md b/readme.md index 790fb355..2ab8f378 100644 --- a/readme.md +++ b/readme.md @@ -28,7 +28,7 @@ Included are: - A+ security in Nextcloud security scan - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel) -- Can be used inside [Tailscale network](https://github.com/nextcloud/all-in-one/discussions/5439) +- Can be used inside [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case) - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads) - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud) @@ -249,7 +249,7 @@ Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed b ### How to run Nextcloud behind a Cloudflare Tunnel? Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. -### How to run Nextcloud inside a Tailscale network? +### How to run Nextcloud via Tailscale? For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 ### Disrecommended VPS providers diff --git a/reverse-proxy.md b/reverse-proxy.md index d8fdaa7d..89aca458 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -2,6 +2,8 @@ > [!NOTE] > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO. +> [!TIP] +> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575). ## Introduction In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to: From de49af4806abf02c5151ba87cbeca90d4e8824be Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 25 Jan 2025 02:29:23 +0100 Subject: [PATCH 0024/1064] add empty line Signed-off-by: Simon L. --- reverse-proxy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index 89aca458..52f917a2 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -2,6 +2,7 @@ > [!NOTE] > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO. + > [!TIP] > If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575). From 28aecab21199a38753cb7f568e9883f87bfa8ddc Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 25 Jan 2025 02:36:39 +0100 Subject: [PATCH 0025/1064] Update wording Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 2ab8f378..dd6f8334 100644 --- a/readme.md +++ b/readme.md @@ -28,7 +28,7 @@ Included are: - A+ security in Nextcloud security scan - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel) -- Can be used inside [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) +- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case) - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads) - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud) From 0f15fb194d773b1f0ed802b7b886bc9f1c1b200b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 05:07:55 +0000 Subject: [PATCH 0026/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-23 to 1.4.2-24. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index e3f1acbd..7f039908 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-23 +FROM clamav/clamav:1.4.2-24 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From 4cd8ac0ab7d1e4d5fba9729283c6bc2138a73c8d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 27 Jan 2025 13:03:05 +0100 Subject: [PATCH 0027/1064] aio-interface: add note that talk-recording only works on x86 Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 8 +++++++- php/templates/includes/optional-containers.twig | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e7d6884f..33c5b7d0 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -210,7 +210,7 @@ class ConfigurationManager } public function SetFulltextsearchEnabledState(int $value) : void { - # Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 + // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 if ($this->GetCollaboraSeccompDisabledState() === 'true') { $value = 0; } @@ -281,6 +281,12 @@ class ConfigurationManager if (!$this->isTalkEnabled()) { $value = 0; } + + // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17 + if (!$this->isx64Platform()) { + $value = 0; + } + $config = $this->GetConfig(); $config['isTalkRecordingEnabled'] = $value; $this->WriteConfig($config); diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index baa6c1cc..1f749115 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -96,7 +96,7 @@ data-initial-state="false" {% endif %} > - +

{% if is_onlyoffice_enabled == true %}

From f3dff2f780435150c7342d37a3d31369ce8e3743 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 27 Jan 2025 13:52:54 +0100 Subject: [PATCH 0028/1064] address review Signed-off-by: Simon L. --- php/templates/includes/optional-containers.twig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 1f749115..6df95600 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -21,7 +21,7 @@ data-initial-state="false" {% endif %} > - +

- +

{% if is_onlyoffice_enabled == true %}

From 0a1fba8c3bd95092e4748ddc680a639c680714eb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 10:16:00 +0100 Subject: [PATCH 0029/1064] nextcloud: updates3.config.php Signed-off-by: Simon L. --- Containers/nextcloud/config/s3.config.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index f902bde8..b973fbc4 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -11,7 +11,6 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', - 'sse_c_key' => getenv('OBJECTSTORE_S3_SSE_C_KEY') ?: '', 'region' => getenv('OBJECTSTORE_S3_REGION') ?: '', 'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '', 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', @@ -26,4 +25,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { ) ) ); + + $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY'); + if ($sse_c_key) { + $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; + } } From 6f2ae6258f5ba1e7979213251157dde7aabec70f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 10:46:39 +0100 Subject: [PATCH 0030/1064] increase to 10.5.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 5c334a67..756b3f98 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@

-

Nextcloud AIO v10.4.0

+

Nextcloud AIO v10.5.0

{# Add 2nd tab warning #} From 21dfc131ad552e9504119f23cd6f309d1ad2f49d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 11:11:41 +0100 Subject: [PATCH 0031/1064] fix showing ui-secret in aio-interface Signed-off-by: Simon L. --- php/templates/containers.twig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 756b3f98..43468d84 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -283,7 +283,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }} ) {% endif %} {% elseif container.GetRunningState().value == 'running' %} @@ -293,7 +293,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }} ) {% endif %} {% else %} @@ -303,7 +303,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ GetUiSecret.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }} ) {% endif %} {% endif %} From 1542c894c12de690da5d052e0334144204b5a85a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 11:48:06 +0100 Subject: [PATCH 0032/1064] fix formatting of password in aio-interface Signed-off-by: Simon L. --- php/templates/containers.twig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 43468d84..f167dd5d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -283,7 +283,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }}) {% endif %} {% elseif container.GetRunningState().value == 'running' %} @@ -293,7 +293,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }}) {% endif %} {% else %} @@ -303,7 +303,7 @@ (docs) {% endif %} {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }} ) + (password: {{ container.GetUiSecret() }}) {% endif %} {% endif %} From a87d7b3aa97190cc0a5af7e5ebe27887032ab176 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 11:49:35 +0100 Subject: [PATCH 0033/1064] scrutiny does not allow init Signed-off-by: Simon L. --- community-containers/scrutiny/scrutiny.json | 1 + 1 file changed, 1 insertion(+) diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json index 6d0900fd..7fe369c5 100644 --- a/community-containers/scrutiny/scrutiny.json +++ b/community-containers/scrutiny/scrutiny.json @@ -7,6 +7,7 @@ "image": "szaimen/aio-scrutiny", "image_tag": "v1", "internal_port": "8000", + "init": false, "restart": "unless-stopped", "ports": [ { From 365e8f6f79d326ad6d2b5c4a2c83e5bba1a870d1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 12:16:51 +0100 Subject: [PATCH 0034/1064] whiteboard: add tmpfs in app as this seems to be required now Signed-off-by: Simon L. --- php/containers.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/containers.json b/php/containers.json index 57117d83..7a4d455f 100644 --- a/php/containers.json +++ b/php/containers.json @@ -857,6 +857,9 @@ "expose": [ "3002" ], + "tmpfs": [ + "/app" + ], "internal_port": "3002", "environment": [ "TZ=%TIMEZONE%", From 92f0f2bc4472bb51a9c8ff021c7d63a88e532009 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 12:36:47 +0100 Subject: [PATCH 0035/1064] try to fix whiteboard Signed-off-by: Simon L. --- Containers/whiteboard/Dockerfile | 2 ++ Containers/whiteboard/start.sh | 2 +- php/containers.json | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index d20705ef..1000ecbb 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -13,6 +13,8 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh HEALTHCHECK CMD /healthcheck.sh +WORKDIR /tmp + ENTRYPOINT ["/start.sh"] LABEL com.centurylinklabs.watchtower.enable="false" diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh index 576bd094..962df9b9 100644 --- a/Containers/whiteboard/start.sh +++ b/Containers/whiteboard/start.sh @@ -14,4 +14,4 @@ fi export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it -exec npm run server:start +exec npm --prefix /app run server:start diff --git a/php/containers.json b/php/containers.json index 7a4d455f..32978f20 100644 --- a/php/containers.json +++ b/php/containers.json @@ -858,7 +858,7 @@ "3002" ], "tmpfs": [ - "/app" + "/tmp" ], "internal_port": "3002", "environment": [ From 417d36644f4ed51cecd262bd2422a266da4803ca Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 12:42:33 +0100 Subject: [PATCH 0036/1064] talk: add set x for easier debugging Signed-off-by: Simon L. --- Containers/talk/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index d1037f8c..185dde8a 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -30,12 +30,14 @@ if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_ IPv4_ADDRESS_TALK="" fi +set -x IP_BINDING="::" if grep -q "1" /sys/module/ipv6/parameters/disable \ || grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \ || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then IP_BINDING="0.0.0.0" fi +set +x # Turn cat << TURN_CONF > "/conf/eturnal.yml" From f03990199363ebd9cf4f78ac726980cd4bf2ffce Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 28 Jan 2025 13:03:43 +0100 Subject: [PATCH 0037/1064] fix whiteboard Signed-off-by: Simon L. --- php/containers.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index 32978f20..d384053c 100644 --- a/php/containers.json +++ b/php/containers.json @@ -867,7 +867,8 @@ "JWT_SECRET_KEY=%WHITEBOARD_SECRET%", "STORAGE_STRATEGY=redis", "REDIS_HOST=nextcloud-aio-redis", - "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%" + "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", + "BACKUP_DIR=/tmp" ], "secrets": [ "WHITEBOARD_SECRET", From bd09fc02b83528492c5eab6d9ebafe5cafd7f317 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 28 Jan 2025 12:32:17 +0000 Subject: [PATCH 0038/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 99efa300..8bebf41c 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -459,6 +459,8 @@ services: retries: 3 expose: - "3002" + tmpfs: + - /tmp environment: - TZ=${TIMEZONE} - NEXTCLOUD_URL=https://${NC_DOMAIN} @@ -466,6 +468,7 @@ services: - STORAGE_STRATEGY=redis - REDIS_HOST=nextcloud-aio-redis - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} + - BACKUP_DIR=/tmp restart: unless-stopped profiles: - whiteboard From 3a2b1a2efefd7e083fefe081d888df1a72663688 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 29 Jan 2025 10:28:36 +0100 Subject: [PATCH 0039/1064] fix space Signed-off-by: Simon L. --- Containers/nextcloud/config/s3.config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index b973fbc4..cd08f7fc 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -30,4 +30,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { if ($sse_c_key) { $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; } -} +} From f3ed548add2c9132e41144e68a350128708b3c43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 04:24:44 +0000 Subject: [PATCH 0040/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.1.2-alpine to 3.1.3-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 93ce5884..bad6ea3e 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.2-alpine +FROM haproxy:3.1.3-alpine # hadolint ignore=DL3002 USER root From ee3d2a4db75b87fb9eadcdb9cf6aa0dc7ca0413a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 30 Jan 2025 11:36:12 +0100 Subject: [PATCH 0041/1064] run-exec-commands.sh. adjust message when waiting for container Signed-off-by: Simon L. --- Containers/nextcloud/run-exec-commands.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh index e917a96d..4fff009c 100644 --- a/Containers/nextcloud/run-exec-commands.sh +++ b/Containers/nextcloud/run-exec-commands.sh @@ -2,7 +2,7 @@ # Wait until the apache container is ready while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do - echo "Waiting for Apache to become available..." + echo "Waiting for $APACHE_HOST to become available..." sleep 15 done From 8bac3fd2fe5499f745300611ecff6fade6987114 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Jan 2025 05:09:47 +0000 Subject: [PATCH 0042/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.12.1.1 to 24.04.12.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 08470f88..450d201e 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.12.1.1 +FROM collabora/code:24.04.12.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 1b3b38523869751d4bc6026e2efabca2e79b20d6 Mon Sep 17 00:00:00 2001 From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> Date: Sun, 2 Feb 2025 08:40:36 -0500 Subject: [PATCH 0043/1064] Update readme.md Add requirement for proxy support setting with fail2ban Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> --- community-containers/jellyseerr/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md index d6e606df..756f2475 100644 --- a/community-containers/jellyseerr/readme.md +++ b/community-containers/jellyseerr/readme.md @@ -5,7 +5,7 @@ This container bundles Jellyseerr and auto-configures it for you. - This container is only intended to be used inside home networks as it uses http for its management page by default. - After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby. - In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. -- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban +- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly. - The config of Jellyseerr will be automatically included in AIO's backup solution! - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack. From 844dcd068b2e9a5bbf77ce24865903afce008153 Mon Sep 17 00:00:00 2001 From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> Date: Sun, 2 Feb 2025 08:47:02 -0500 Subject: [PATCH 0044/1064] Update readme.md Recommendation to enable CSRF protection when using with the caddy container Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> --- community-containers/jellyseerr/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/jellyseerr/readme.md b/community-containers/jellyseerr/readme.md index 756f2475..0d8e049d 100644 --- a/community-containers/jellyseerr/readme.md +++ b/community-containers/jellyseerr/readme.md @@ -4,7 +4,7 @@ This container bundles Jellyseerr and auto-configures it for you. ### Notes - This container is only intended to be used inside home networks as it uses http for its management page by default. - After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby. -- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. +- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. Note that it is recommended to [enable CSRF protection in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-csrf-protection) for added security if you plan to use Jellyseerr outside the local network, but make sure to read up on it and understand the caveats first. - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly. - The config of Jellyseerr will be automatically included in AIO's backup solution! - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack. From 13da99fa91ed73dbe72862d85603df9f34f864e0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 2 Feb 2025 14:51:11 +0100 Subject: [PATCH 0045/1064] also add ui-secret to pi-hole and vaultwarden Signed-off-by: Simon L. --- community-containers/pi-hole/pi-hole.json | 1 + community-containers/pi-hole/readme.md | 2 +- community-containers/vaultwarden/readme.md | 2 +- community-containers/vaultwarden/vaultwarden.json | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json index da07fb8c..0f2f397b 100644 --- a/community-containers/pi-hole/pi-hole.json +++ b/community-containers/pi-hole/pi-hole.json @@ -48,6 +48,7 @@ "nextcloud_aio_pihole", "nextcloud_aio_pihole_dnsmasq" ], + "ui_secret": "PIHOLE_WEBPASSWORD", "secrets": [ "PIHOLE_WEBPASSWORD" ] diff --git a/community-containers/pi-hole/readme.md b/community-containers/pi-hole/readme.md index cdfdf641..7254f585 100644 --- a/community-containers/pi-hole/readme.md +++ b/community-containers/pi-hole/readme.md @@ -6,7 +6,7 @@ This container bundles pi-hole and auto-configures it for you. - Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start! - The DHCP functionality of Pi-hole has been disabled! - The data of pi-hole will be automatically included in AIOs backup solution! -- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records. +- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can see next to the container in the AIO interface. There you can configure the pi-hole setup. Also you can add local dns records. - You can configure your home network now to use pi-hole as its dns server by configuring your router. - Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/vaultwarden/readme.md b/community-containers/vaultwarden/readme.md index 450f8838..81f37010 100644 --- a/community-containers/vaultwarden/readme.md +++ b/community-containers/vaultwarden/readme.md @@ -6,7 +6,7 @@ This container bundles vaultwarden and auto-configures it for you. - Currently, only `bw.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, vaultwarden will use `bw.your-domain.com`. The reverse proxy and domain must be configured accordingly! - If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban - The data of Vaultwarden will be automatically included in AIOs backup solution! -- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-vaultwarden | grep ADMIN_TOKEN`. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory. +- After adding and starting the container, you need to visit `https://bw.your-domain.com/admin` in order to log in with the admin key that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail. After this is done, you might disable the admin panel via the reverse proxy by blocking connections to the subdirectory. - If using the caddy community container, the vaultwarden admin interface can be disabled by creating a `block-vaultwarden-admin` file in the `nextcloud-aio-caddy` folder when you open the Nextcloud files app with the default `admin` user. Afterwards restart all containers from the AIO interface and the admin interface should be disabled! You can unlock the admin interface by removing the file again and afterwards restarting the containers via the AIO interface. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json index 0bacff7a..15f2114d 100644 --- a/community-containers/vaultwarden/vaultwarden.json +++ b/community-containers/vaultwarden/vaultwarden.json @@ -40,6 +40,7 @@ "backup_volumes": [ "nextcloud_aio_vaultwarden" ], + "ui_secret": "VAULTWARDEN_ADMIN_TOKEN", "secrets": [ "VAULTWARDEN_ADMIN_TOKEN" ] From 033c8b679832d535f58d563e600f8f88226f282c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Feb 2025 04:52:11 +0000 Subject: [PATCH 0046/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-24 to 1.4.2-25. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 7f039908..d6c266de 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-24 +FROM clamav/clamav:1.4.2-25 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From f2987232dab63d7ed117444930160706d4207e6a Mon Sep 17 00:00:00 2001 From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> Date: Mon, 3 Feb 2025 20:29:04 -0500 Subject: [PATCH 0047/1064] Update jellyseerr.json Eliminate tini errors Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> --- community-containers/jellyseerr/jellyseerr.json | 1 + 1 file changed, 1 insertion(+) diff --git a/community-containers/jellyseerr/jellyseerr.json b/community-containers/jellyseerr/jellyseerr.json index 1dc2895c..64472a8a 100644 --- a/community-containers/jellyseerr/jellyseerr.json +++ b/community-containers/jellyseerr/jellyseerr.json @@ -8,6 +8,7 @@ "image_tag": "latest", "internal_port": "5055", "restart": "unless-stopped", + "init": false, "ports": [ { "ip_binding": "%APACHE_IP_BINDING%", From cefdec414e4db395ebfbb0a1871aa775c284bdcc Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 4 Feb 2025 11:00:55 +0000 Subject: [PATCH 0048/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 4 +++- 14 files changed, 16 insertions(+), 14 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 97571e93..3931dc76 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.4.0 +version: 10.5.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index eae786e2..782ba09b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: nextcloud/aio-apache:20250122_091948 + image: nextcloud/aio-apache:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 730f9cf5..8beccf20 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20250122_091948 + image: nextcloud/aio-clamav:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 69da6e1b..7c6341de 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -34,7 +34,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20250122_091948 + image: nextcloud/aio-collabora:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 1ab61316..f27bac21 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20250122_091948 + image: nextcloud/aio-postgresql:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index d4d3c1ad..9979136b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20250122_091948 + image: nextcloud/aio-fulltextsearch:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index f0dc68f6..302ed3b6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20250122_091948 + image: nextcloud/aio-imaginary:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 75c74fa1..fbbb6fb2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -180,7 +180,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: nextcloud/aio-nextcloud:20250122_091948 + image: nextcloud/aio-nextcloud:20250204_102259 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index ef0455ad..2089d5bb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -53,7 +53,7 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" - image: nextcloud/aio-notify-push:20250122_091948 + image: nextcloud/aio-notify-push:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 0bf7c2a6..c10aed88 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20250122_091948 + image: nextcloud/aio-onlyoffice:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index b2cfd07e..0b338e86 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20250122_091948 + image: nextcloud/aio-redis:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 3e827062..64a71bf6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20250122_091948 + image: nextcloud/aio-talk:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 10218a93..24a866ad 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20250122_091948 + image: nextcloud/aio-talk-recording:20250204_102259 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 1ef71833..f72b98a1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -34,6 +34,8 @@ spec: {{- end }} containers: - env: + - name: BACKUP_DIR + value: /tmp - name: JWT_SECRET_KEY value: "{{ .Values.WHITEBOARD_SECRET }}" - name: NEXTCLOUD_URL @@ -46,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-whiteboard:20250122_091948 + image: nextcloud/aio-whiteboard:20250204_102259 readinessProbe: exec: command: From 7b65109126885966b091e2a6a58f1f83e3bb3eda Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Feb 2025 17:19:55 +0100 Subject: [PATCH 0049/1064] readme: add TOC Signed-off-by: Simon L. --- readme.md | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/readme.md b/readme.md index dd6f8334..79cdbb60 100644 --- a/readme.md +++ b/readme.md @@ -138,6 +138,100 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma 5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! ## FAQ +- [Where can I find additional documentation?](#where-can-i-find-additional-documentation) +- [How does it work?](#how-does-it-work) +- [How to contribute?](#how-to-contribute) +- [How many users are possible?](#how-many-users-are-possible) +- [Are reverse proxies supported?](#are-reverse-proxies-supported) +- [Which CPU architectures are supported?](#which-cpu-architectures-are-supported) +- [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter) +- [Explanation of used ports:](#explanation-of-used-ports) +- [How to run AIO on macOS?](#how-to-run-aio-on-macos) +- [How to run AIO on Windows?](#how-to-run-aio-on-windows) +- [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm) +- [How to run AIO with Portainer?](#how-to-run-aio-with-portainer) +- [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale) +- [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel) +- [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel) +- [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale) +- [Disrecommended VPS providers](#disrecommended-vps-providers) +- [Recommended VPS](#recommended-vps) +- [Note on storage options](#note-on-storage-options) +- [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge) +- [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan) +- [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain) +- [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system) +- [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud) +- [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains) +- [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported) +- [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain) +- [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally) +- [How to skip the domain validation?](#how-to-skip-the-domain-validation) +- [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others) +- [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled) +- [How to run `occ` commands?](#how-to-run-occ-commands) +- [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install) +- [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server) +- [Bruteforce protection FAQ](#bruteforce-protection-faq) +- [Update policy](#update-policy) +- [How to switch the channel?](#how-to-switch-the-channel) +- [How to update the containers?](#how-to-update-the-containers) + - [How often are update notifications sent?](#how-often-are-update-notifications-sent) +- [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface) +- [How to change the domain?](#how-to-change-the-domain) +- [How to properly reset the instance?](#how-to-properly-reset-the-instance) +- [Backup solution](#backup-solution) + - [What is getting backed up by AIO's backup solution?](#what-is-getting-backed-up-by-aios-backup-solution) + - [How to adjust borgs retention policy?](#how-to-adjust-borgs-retention-policy) + - [How to migrate from AIO to AIO?](#how-to-migrate-from-aio-to-aio) + - [Are remote borg backups supported?](#are-remote-borg-backups-supported) + - [Failure of the backup container in LXC containers](#failure-of-the-backup-container-in-lxc-containers) + - [How to create the backup volume on Windows?](#how-to-create-the-backup-volume-on-windows) + - [Pro-tip: Backup archives access](#pro-tip-backup-archives-access) + - [Delete backup archives manually](#delete-backup-archives-manually) + - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive) +- [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally) +- [How to disable the backup section?](#how-to-disable-the-backup-section) +- [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir) +- [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir) +- [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) +- [How to adjust the Talk port?](#how-to-adjust-the-talk-port) +- [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud) +- [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud) +- [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud) +- [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error) +- [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm) +- [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes) +- [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker) +- [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) +- [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container) +- [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container) +- [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app) +- [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud) + - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia) + - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta) +- [How to keep disabled apps?](#how-to-keep-disabled-apps) +- [Huge docker logs](#huge-docker-logs) +- [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually) +- [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive) +- [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor) +- [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory) +- [Fail2ban](#fail2ban) +- [LDAP](#ldap) +- [Netdata](#netdata) +- [USER_SQL](#user_sql) +- [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin) +- [Mail server](#mail-server) +- [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio) +- [Requirements for integrating new containers](#requirements-for-integrating-new-containers) +- [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) +- [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) +- [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) +- [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) + +## Where can I find additional documentation? +Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki). + ### How does it work? Nextcloud AIO is inspired by projects like Portainer that manage the docker daemon by talking to it through the docker socket directly. This concept allows a user to install only one container with a single command that does the heavy lifting of creating and managing all containers that are needed in order to provide a Nextcloud installation with most features included. It also makes updating a breeze and is not bound to the host system (and its slow updates) anymore as everything is in containers. Additionally, it is very easy to handle from a user perspective because a simple interface for managing your Nextcloud AIO installation is provided. From 69ea9d1a7262e807224e1196eb8274e1e8302213 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Feb 2025 17:29:10 +0100 Subject: [PATCH 0050/1064] adjust detail Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 79cdbb60..5d8f735c 100644 --- a/readme.md +++ b/readme.md @@ -229,7 +229,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) -## Where can I find additional documentation? +### Where can I find additional documentation? Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki). ### How does it work? From 13afcd944ada6c754ddd784975fe8b9d7c504b1a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Feb 2025 19:29:22 +0100 Subject: [PATCH 0051/1064] borg: allow to exclude datadir and preview folder from backup via `.noaiobackup` file Signed-off-by: Simon L. --- Containers/borgbackup/backupscript.sh | 38 +++++++++++++++++++++++---- readme.md | 14 ++++++++++ 2 files changed, 47 insertions(+), 5 deletions(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index 9317d71a..5c6ddd99 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -185,13 +185,27 @@ if [ "$BORG_MODE" = backup ]; then # Borg options # auto,zstd compression seems to has the best ratio based on: # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6 - BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches) + BORG_OPTS=(-v --stats --compression "auto,zstd") if [ "$NEW_REPOSITORY" = 1 ]; then BORG_OPTS+=(--progress) fi # Exclude the nextcloud log and audit log for GDPR reasons BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log") + BORG_INCLUDE=() + + # Exclude datadir if .noaiobackup file was found + # shellcheck disable=SC2144 + if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then + BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/") + BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup") + echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!" + # Exclude preview folder if .noaiobackup file was found + elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then + BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/") + BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup") + echo "⚠️⚠️⚠️ '.noaiobackup' file was found in the preview directory. Excluding the preview directory from backup!" + fi # Make sure that there is always a borg.config file before creating a new backup if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then @@ -203,7 +217,7 @@ if [ "$BORG_MODE" = backup ]; then # Create the backup echo "Starting the backup..." get_start_time - if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then + if ! borg create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then echo "Deleting the failed backup archive..." borg delete --stats "::$CURRENT_DATE-nextcloud-aio" echo "Backup failed!" @@ -320,16 +334,30 @@ if [ "$BORG_MODE" = restore ]; then fi echo "Restoring '$SELECTED_ARCHIVE'..." - # Exclude previews from restore if selected to speed up process ADDITIONAL_RSYNC_EXCLUDES=() ADDITIONAL_BORG_EXCLUDES=() ADDITIONAL_FIND_EXCLUDES=() - if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then + # Exclude datadir if .noaiobackup file was found + # shellcheck disable=SC2144 + if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then + # Keep these 3 in sync. Beware, the pattern syntax and the paths differ + ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**") + ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**") + ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?') + echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!" + echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database." + echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore." + echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands" + # Exclude previews from restore if selected to speed up process or exclude preview folder if .noaiobackup file was found + elif [ -n "$RESTORE_EXCLUDE_PREVIEWS" ] || [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then # Keep these 3 in sync. Beware, the pattern syntax and the paths differ ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/appdata_*/preview/**") ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/**") ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_[^/]*/preview\(/.*\)?') - echo "Excluding previews from restore" + echo "⚠️⚠️⚠️ Excluding previews from restore!" + echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database." + echo "You might be able to fix this by running 'occ files:scan-app-data preview' after the restore." + echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands" fi # Save Additional Backup dirs diff --git a/readme.md b/readme.md index 5d8f735c..d64ac365 100644 --- a/readme.md +++ b/readme.md @@ -190,6 +190,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [Pro-tip: Backup archives access](#pro-tip-backup-archives-access) - [Delete backup archives manually](#delete-backup-archives-manually) - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive) + - [How to exclude Nextcloud's data directory or the preview folder from backup?](#how-to-exclude-nextclouds-data-directory-or-the-preview-folder-from-backup) - [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally) - [How to disable the backup section?](#how-to-disable-the-backup-section) - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir) @@ -749,6 +750,19 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup 1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`). +#### How to exclude Nextcloud's data directory or the preview folder from backup? +In order to speed up the backups and to keep the backup archives small, you might want to exclude Nextcloud's data directory or its preview folder from backup. + +> [!WARNING] +> However please note that you will run into problems if the database and the data directory or preview folder get out of sync. **So please only read further, if you have an additional external backup of the data directory!** See [this guide](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) for example. + +> [!TIP] +> A better option is to use the external storage app inside Nextcloud as the data connected via the external storage app is not backed up by AIO's backup solution. See [this documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html) on how to configure the app. + +If you still want to proceed, you can exclude the data directory by simply creating a `.noaiobackup` file in the root directory of the specified `NEXTCLOUD_DATADIR` target. The same logic is implemented for the preview folder that is located inside the data directory, inside the `appdata_*/preview` folder. So simply create a `.noaiobackup` file in there if you want to exclude the preview folder. + +After doing a restore via the AIO interface, you might run into problems due to the data directory and database being out of sync. You might be able to fix this by running `occ files:scan --all` and `occ maintenance:repair` and `occ files:scan-app-data`. See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands. If only the preview folder is excluded, the command `occ files:scan-app-data preview` should be used. + ### How to stop/start/update containers or trigger the daily backup from a script externally? > [!WARNING] > The below script will only work after the initial setup of AIO. So you will always need to first visit the AIO interface, type in your domain and start the containers the first time or restore an older AIO instance from its borg backup before you can use the script. From 4a00eb93470f047b9127593790b895724c52e241 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 5 Feb 2025 13:48:54 +0100 Subject: [PATCH 0052/1064] scrutiny-cc: improve documentation Signed-off-by: Simon L. --- community-containers/scrutiny/readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md index 8beb3869..dc972d44 100644 --- a/community-containers/scrutiny/readme.md +++ b/community-containers/scrutiny/readme.md @@ -1,11 +1,12 @@ ## Scrutiny -This container bundles Scrutiny and auto-configures it for you. +This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you. ### Notes - This container should only be run in home networks - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being. - This container only works on Linux and not on Docker-Desktop. - After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives. +- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository From 75f00d4e7e17b74b770b0e805201fa8d7c51a30a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Feb 2025 04:48:12 +0000 Subject: [PATCH 0053/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.23.5-alpine3.21 to 1.23.6-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index f78f2ad5..d8847808 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.23.5-alpine3.21 AS go +FROM golang:1.23.6-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From 3a19de9e654d7ee62727345e8e205612226a0359 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 05:02:37 +0000 Subject: [PATCH 0054/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.1-alpine3.21 to 3.13.2-alpine3.21. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index 26b7baab..bc971ab4 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.1-alpine3.21 +FROM python:3.13.2-alpine3.21 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 3c83570360606362a25221ea4610f6215e420623 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 7 Feb 2025 12:06:53 +0000 Subject: [PATCH 0055/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 52 +++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 37cc3db7..4ae29f5a 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,32 +391,32 @@ }, { "name": "laravel/serializable-closure", - "version": "v1.3.7", + "version": "v2.0.2", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "4f48ade902b94323ca3be7646db16209ec76be3d" + "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/4f48ade902b94323ca3be7646db16209ec76be3d", - "reference": "4f48ade902b94323ca3be7646db16209ec76be3d", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/2e1a362527783bcab6c316aad51bf36c5513ae44", + "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44", "shasum": "" }, "require": { - "php": "^7.3|^8.0" + "php": "^8.1" }, "require-dev": { - "illuminate/support": "^8.0|^9.0|^10.0|^11.0", - "nesbot/carbon": "^2.61|^3.0", - "pestphp/pest": "^1.21.3", - "phpstan/phpstan": "^1.8.2", - "symfony/var-dumper": "^5.4.11|^6.2.0|^7.0.0" + "illuminate/support": "^10.0|^11.0|^12.0", + "nesbot/carbon": "^2.67|^3.0", + "pestphp/pest": "^2.36|^3.0", + "phpstan/phpstan": "^2.0", + "symfony/var-dumper": "^6.2.0|^7.0.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.x-dev" + "dev-master": "2.x-dev" } }, "autoload": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2024-11-14T18:34:49+00:00" + "time": "2025-01-24T15:42:37+00:00" }, { "name": "nikic/fast-route", @@ -557,20 +557,20 @@ }, { "name": "php-di/php-di", - "version": "7.0.7", + "version": "7.0.8", "source": { "type": "git", "url": "https://github.com/PHP-DI/PHP-DI.git", - "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1" + "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/e87435e3c0e8f22977adc5af0d5cdcc467e15cf1", - "reference": "e87435e3c0e8f22977adc5af0d5cdcc467e15cf1", + "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/98ddc81f8f768a2ad39e4cbe737285eaeabe577a", + "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a", "shasum": "" }, "require": { - "laravel/serializable-closure": "^1.0", + "laravel/serializable-closure": "^1.0 || ^2.0", "php": ">=8.0", "php-di/invoker": "^2.0", "psr/container": "^1.1 || ^2.0" @@ -582,7 +582,7 @@ "friendsofphp/php-cs-fixer": "^3", "friendsofphp/proxy-manager-lts": "^1", "mnapoli/phpunit-easymock": "^1.3", - "phpunit/phpunit": "^9.5", + "phpunit/phpunit": "^9.6", "vimeo/psalm": "^4.6" }, "suggest": { @@ -614,7 +614,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/PHP-DI/issues", - "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.7" + "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.8" }, "funding": [ { @@ -626,7 +626,7 @@ "type": "tidelift" } ], - "time": "2024-07-21T15:55:45+00:00" + "time": "2025-01-28T21:02:46+00:00" }, { "name": "php-di/slim-bridge", @@ -1633,16 +1633,16 @@ }, { "name": "twig/twig", - "version": "v3.18.0", + "version": "v3.19.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50" + "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50", - "reference": "acffa88cc2b40dbe42eaf3a5025d6c0d4600cc50", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/d4f8c2b86374f08efc859323dbcd95c590f7124e", + "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e", "shasum": "" }, "require": { @@ -1697,7 +1697,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.18.0" + "source": "https://github.com/twigphp/Twig/tree/v3.19.0" }, "funding": [ { @@ -1709,7 +1709,7 @@ "type": "tidelift" } ], - "time": "2024-12-29T10:51:50+00:00" + "time": "2025-01-29T07:06:14+00:00" } ], "packages-dev": [ From ee5db17004124b03a3e0d0dcc571e206e41eb6b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 04:43:37 +0000 Subject: [PATCH 0056/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-25 to 1.4.2-26. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index d6c266de..73737720 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-25 +FROM clamav/clamav:1.4.2-26 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From b340152d80fe90f047539601463a2a28d7f207f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Feb 2025 04:45:11 +0000 Subject: [PATCH 0057/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.12.2.1 to 24.04.12.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 450d201e..8766eb32 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.12.2.1 +FROM collabora/code:24.04.12.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From abec1ef10283a4bf33d976145d41b7313398c712 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 11 Feb 2025 10:11:38 +0100 Subject: [PATCH 0058/1064] notify-push: add timezone to container Signed-off-by: Simon L. --- php/containers.json | 1 + 1 file changed, 1 insertion(+) diff --git a/php/containers.json b/php/containers.json index d384053c..4bfe5d0e 100644 --- a/php/containers.json +++ b/php/containers.json @@ -300,6 +300,7 @@ "environment": [ "NC_DOMAIN=%NC_DOMAIN%", "NEXTCLOUD_HOST=nextcloud-aio-nextcloud", + "TZ=%TIMEZONE%", "REDIS_HOST=nextcloud-aio-redis", "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", "POSTGRES_HOST=nextcloud-aio-database", From 6170e699c50960265940dc4d4c84a25b9fefeb63 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 11 Feb 2025 14:21:17 +0100 Subject: [PATCH 0059/1064] manual-upgrade: add note that method 1 seems to be currently broken Signed-off-by: Simon L. --- manual-upgrade.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/manual-upgrade.md b/manual-upgrade.md index 517c217f..43aaebb2 100644 --- a/manual-upgrade.md +++ b/manual-upgrade.md @@ -7,7 +7,11 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d --- -## Method 1 +## Method 1 using `assaflavie/runlike` + +> [!Warning] +> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10 +> So please refer to method 2 using Portainer. 1. Start all containers from the AIO interface - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem @@ -54,14 +58,11 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d --- -## Method 2 +## Method 2 using Portainer #### *Approach using portainer if method 1 does not work for you* Prerequisite: have all containers from AIO interface running. -
-Click to expand - ##### 1. Install portainer if not installed: ```bash docker volume create portainer_data @@ -119,5 +120,3 @@ docker rm portainer docker volume rm portainer_data ``` - Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts. - -
From b3d8cf78fbb1864e8719f4fecbbff227e83d2a18 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 11 Feb 2025 14:32:47 +0100 Subject: [PATCH 0060/1064] readme: add chapter how to adjust version and trashbin retention policy Signed-off-by: Simon L. --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index 5d8f735c..ad370f3e 100644 --- a/readme.md +++ b/readme.md @@ -216,6 +216,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive) - [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor) - [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory) +- [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy) - [Fail2ban](#fail2ban) - [LDAP](#ldap) - [Netdata](#netdata) @@ -926,6 +927,9 @@ You can edit Nextclouds config.php file directly from the host with your favorit ### How to change default files by creating a custom skeleton directory? All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration. To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory). +### How to adjust the version retention policy and trashbin retention policy? +By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html. + ### Fail2ban You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban From b87b3f7efea7472f7a06efecda57a05ae531556f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 11 Feb 2025 14:35:11 +0100 Subject: [PATCH 0061/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 6fdac5bd..3289e1b1 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.2.2.1 +FROM onlyoffice/documentserver:8.3.0.1 # USER root is probably used From f9fe028f77f16e655e8e7416c82bfc5a50c452e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Feb 2025 04:43:19 +0000 Subject: [PATCH 0062/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.17.1 to 8.17.2. --- updated-dependencies: - dependency-name: elasticsearch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 7bcac338..68f12b7b 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.17.1 +FROM elasticsearch:8.17.2 USER root From 4f86b0ad0a8557c1aa211104a29c664d5cc0fe01 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 12 Feb 2025 12:03:01 +0000 Subject: [PATCH 0063/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 4ae29f5a..ec60ad7f 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.2", + "version": "v2.0.3", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44" + "reference": "f379c13663245f7aa4512a7869f62eb14095f23f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/2e1a362527783bcab6c316aad51bf36c5513ae44", - "reference": "2e1a362527783bcab6c316aad51bf36c5513ae44", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f379c13663245f7aa4512a7869f62eb14095f23f", + "reference": "f379c13663245f7aa4512a7869f62eb14095f23f", "shasum": "" }, "require": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-01-24T15:42:37+00:00" + "time": "2025-02-11T15:03:05+00:00" }, { "name": "nikic/fast-route", From 1ea7f48f9f6d5d8710aef33d7736314ebe3abe5c Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 12 Feb 2025 12:03:12 +0000 Subject: [PATCH 0064/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 8bebf41c..d0f74a5a 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -202,6 +202,7 @@ services: environment: - NC_DOMAIN - NEXTCLOUD_HOST=nextcloud-aio-nextcloud + - TZ=${TIMEZONE} - REDIS_HOST=nextcloud-aio-redis - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} - POSTGRES_HOST=nextcloud-aio-database From b1f14ea1871666d49531e03df4b482ce51191145 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Feb 2025 04:16:57 +0000 Subject: [PATCH 0065/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.23.6-alpine3.21 to 1.24.0-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index d8847808..29935325 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.23.6-alpine3.21 AS go +FROM golang:1.24.0-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From aa94662aa7668606db8552cc2c54820a62123c7c Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:03:05 +0000 Subject: [PATCH 0066/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index ec60ad7f..8cb814c0 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1633,24 +1633,23 @@ }, { "name": "twig/twig", - "version": "v3.19.0", + "version": "v3.20.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e" + "reference": "3468920399451a384bef53cf7996965f7cd40183" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/d4f8c2b86374f08efc859323dbcd95c590f7124e", - "reference": "d4f8c2b86374f08efc859323dbcd95c590f7124e", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/3468920399451a384bef53cf7996965f7cd40183", + "reference": "3468920399451a384bef53cf7996965f7cd40183", "shasum": "" }, "require": { - "php": ">=8.0.2", + "php": ">=8.1.0", "symfony/deprecation-contracts": "^2.5|^3", "symfony/polyfill-ctype": "^1.8", - "symfony/polyfill-mbstring": "^1.3", - "symfony/polyfill-php81": "^1.29" + "symfony/polyfill-mbstring": "^1.3" }, "require-dev": { "phpstan/phpstan": "^2.0", @@ -1697,7 +1696,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.19.0" + "source": "https://github.com/twigphp/Twig/tree/v3.20.0" }, "funding": [ { @@ -1709,7 +1708,7 @@ "type": "tidelift" } ], - "time": "2025-01-29T07:06:14+00:00" + "time": "2025-02-13T08:34:43+00:00" } ], "packages-dev": [ From afba1368eaaf2c3336e5c266e16e816c6bd38e6e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 14 Feb 2025 12:02:55 +0000 Subject: [PATCH 0067/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 8cb814c0..0c72e6dd 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2699,16 +2699,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.0.0", + "version": "2.0.1", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299" + "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/c00d78fb6b29658347f9d37ebe104bffadf36299", - "reference": "c00d78fb6b29658347f9d37ebe104bffadf36299", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/72e51f7c32c5aef7c8b462195b8c599b11199893", + "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893", "shasum": "" }, "require": { @@ -2740,9 +2740,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.0" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.1" }, - "time": "2024-10-13T11:29:49+00:00" + "time": "2025-02-13T12:25:43+00:00" }, { "name": "sebastian/diff", From 52b8f7bccb9365fc40e62b6e98bb0c4ff208c1ad Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 14 Feb 2025 12:11:15 +0000 Subject: [PATCH 0068/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 04606113..3bd9b5f7 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.5 +ENV NEXTCLOUD_VERSION=30.0.6 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From db77606f55f456bbf285be5cd51c66b42d19181f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:59:41 +0000 Subject: [PATCH 0069/1064] build(deps): bump alpine from 3.21.2 to 3.21.3 in /Containers/borgbackup Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/borgbackup/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 120bedf2..d2f78df2 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.2 +FROM alpine:3.21.3 RUN set -ex; \ \ From da2358644113ff38a12cf2cc0e7bf754f761ce8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:59:43 +0000 Subject: [PATCH 0070/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-26 to 1.4.2-27. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 73737720..3825d6c8 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-26 +FROM clamav/clamav:1.4.2-27 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From 847fe97e47e3f52b6121d017d72a5e21fe55df32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:59:49 +0000 Subject: [PATCH 0071/1064] build(deps): bump alpine in /Containers/domaincheck Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/domaincheck/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index b1fe44be..d36a2611 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.2 +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash lighttpd netcat-openbsd; \ From 7cf6486c520facf609ec97212d3d663f10eb4ddd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 04:59:54 +0000 Subject: [PATCH 0072/1064] build(deps): bump alpine from 3.21.2 to 3.21.3 in /Containers/imaginary Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 29935325..dfa97d11 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -13,7 +13,7 @@ RUN set -ex; \ build-base; \ go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; -FROM alpine:3.21.2 +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ From 07bfea3b6c1ef59d0425010a249d1032f7aa311e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:00:04 +0000 Subject: [PATCH 0073/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.3.16-fpm-alpine3.21 to 8.3.17-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 51081511..c7da9741 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:27.5.1-cli AS docker FROM caddy:2.9.1-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile -FROM php:8.3.16-fpm-alpine3.21 +FROM php:8.3.17-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 From c4a332eab13b7096fc4c26219ac95beacdae3075 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:00:25 +0000 Subject: [PATCH 0074/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.16-fpm-alpine3.21 to 8.3.17-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 3bd9b5f7..9af52cd8 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.16-fpm-alpine3.21 +FROM php:8.3.17-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From c58c789f58b78162c3118859dc80293054f86f72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:00:28 +0000 Subject: [PATCH 0075/1064] build(deps): bump alpine in /Containers/notify-push Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/notify-push/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 21b83b68..15fd98a0 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.2 +FROM alpine:3.21.3 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From dd74c9b3af05703a8cb2c7628c6f789ea1da9ff7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:00:45 +0000 Subject: [PATCH 0076/1064] build(deps): bump alpine from 3.21.2 to 3.21.3 in /Containers/talk Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index b334fd1b..e050e926 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -2,7 +2,7 @@ FROM nats:2.10.25-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling -FROM alpine:3.21.2 AS janus +FROM alpine:3.21.3 AS janus ARG JANUS_VERSION=v1.3.0 WORKDIR /src @@ -34,7 +34,7 @@ RUN set -ex; \ make configs; \ rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample -FROM alpine:3.21.2 +FROM alpine:3.21.3 ENV ETURNAL_ETC_DIR="/conf" COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local COPY --from=eturnal --chmod=777 --chown=1000:1000 /opt/eturnal /opt/eturnal From 50050574c72004a8cb7c54c669ecb7c6cb838f2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 05:01:02 +0000 Subject: [PATCH 0077/1064] build(deps): bump alpine from 3.21.2 to 3.21.3 in /Containers/watchtower Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 8a0592fe..8bd5da34 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -2,7 +2,7 @@ # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained FROM containrrr/watchtower:1.7.1 AS watchtower -FROM alpine:3.21.2 +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ From cca7eef06be5bf62d4e0558e39974eeab33d97bb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Feb 2025 18:05:09 +0100 Subject: [PATCH 0078/1064] FTS: allow to adjust the ES_JAVA_OPTS Signed-off-by: Simon L. --- Containers/fulltextsearch/Dockerfile | 1 + compose.yaml | 1 + manual-install/latest.yml | 2 +- manual-install/sample.conf | 1 + manual-install/update-yaml.sh | 1 + .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 2 ++ nextcloud-aio-helm-chart/values.yaml | 1 + php/containers.json | 2 +- php/src/Data/ConfigurationManager.php | 7 +++++++ php/src/Docker/DockerActionManager.php | 2 ++ readme.md | 6 +++++- tests/QA/060-environmental-variables.md | 1 + 13 files changed, 25 insertions(+), 4 deletions(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 7bcac338..dcc52fda 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -22,3 +22,4 @@ USER 1000:0 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" +ENV ES_JAVA_OPTS="-Xms512M -Xmx512M" diff --git a/compose.yaml b/compose.yaml index 61c81a44..a72fbf50 100644 --- a/compose.yaml +++ b/compose.yaml @@ -20,6 +20,7 @@ services: # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature + # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options # NEXTCLOUD_DATADIR: /mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 8bebf41c..daf85630 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -429,7 +429,7 @@ services: - "9200" environment: - TZ=${TIMEZONE} - - ES_JAVA_OPTS=-Xms512M -Xmx512M + - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} - bootstrap.memory_lock=true - cluster.name=nextcloud-aio - discovery.type=single-node diff --git a/manual-install/sample.conf b/manual-install/sample.conf index 79fa9b36..de7dd709 100644 --- a/manual-install/sample.conf +++ b/manual-install/sample.conf @@ -26,6 +26,7 @@ APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync w APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. +FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index 95c99426..5a4af271 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -93,6 +93,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com # TODO! Needs to be chang sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD= # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin # TODO! This is the timezone that your containers will use.|' sample.conf sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf +sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options.|' sample.conf sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes" # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 9979136b..ab8ba44a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -35,7 +35,7 @@ spec: containers: - env: - name: ES_JAVA_OPTS - value: -Xms512M -Xmx512M + value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}" - name: FULLTEXTSEARCH_PASSWORD value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" - name: TZ diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 3a8fff29..6f54d824 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -306,6 +306,8 @@ cat << EOL > /tmp/additional.config EOL # shellcheck disable=SC1083 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config" \{} \; +# shellcheck disable=SC1083 +find ./ -name '*fulltextsearch-deployment.yaml' -exec sed -i 's/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS }}/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}/' \{} \; # Additional config cat << EOL > /tmp/additional-apache.config diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 3f760504..bbf597f3 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -25,6 +25,7 @@ APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in syn APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru # You can change this in order to enable other dictionaries for collabora COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. +FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR: no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. diff --git a/php/containers.json b/php/containers.json index d384053c..846a60d8 100644 --- a/php/containers.json +++ b/php/containers.json @@ -785,7 +785,7 @@ "internal_port": "9200", "environment": [ "TZ=%TIMEZONE%", - "ES_JAVA_OPTS=-Xms512M -Xmx512M", + "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%", "bootstrap.memory_lock=true", "cluster.name=nextcloud-aio", "discovery.type=single-node", diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index a06f666c..d8c0c8ec 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -714,6 +714,13 @@ class ConfigurationManager return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } + public function GetFulltextsearchJavaOptions() : string { + $envVariableName = 'FULLTEXTSEARCH_JAVA_OPTIONS'; + $configName = 'fulltextsearch_java_options'; + $defaultValue = '-Xms512M -Xmx512M'; + return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + } + public function GetDockerSocketPath() : string { $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH'; $configName = 'docker_socket_path'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e98a5237..a22b2efb 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -357,6 +357,8 @@ readonly class DockerActionManager { $replacements[1] = $this->configurationManager->GetNextcloudMaxTime(); } elseif ($out[1] === 'BORG_RETENTION_POLICY') { $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy(); + } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') { + $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions(); } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') { $replacements[1] = $this->configurationManager->GetTrustedCacertsDir(); } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') { diff --git a/readme.md b/readme.md index 5d8f735c..dbd4eda5 100644 --- a/readme.md +++ b/readme.md @@ -226,6 +226,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [Requirements for integrating new containers](#requirements-for-integrating-new-containers) - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) +- [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options) - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) @@ -970,7 +971,10 @@ When using `docker run`, the environmental variable can be set with `--env NEXTC In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things. ### How to disable Collabora's Seccomp feature? -The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. +The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. + +### How to adjust the Fulltextsearch Java options? +The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. ### How to enable automatic updates without creating a backup beforehand? If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index fd6a4dca..b2fadceb 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -12,6 +12,7 @@ - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values. - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values. - [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs. +- [ ] When starting the mastercontainer with `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` it should change Elasticsearchs `ES_JAVA_OPTS` options to the defined one. This can be checked by checking the `ES_JAVA_OPTS` variable for the nextcloud-aio-fulltextsearch container. - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless. - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled. - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host. From b60db873218299f82ca64f106e57a17d270dc4be Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Feb 2025 11:50:52 +0100 Subject: [PATCH 0079/1064] aio-interface: show checkbox for hub 10 Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- php/templates/containers.twig | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 8c2d3abe..ee439824 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -171,7 +171,7 @@ readonly class DockerController { } if (isset($request->getParsedBody()['install_latest_major'])) { - $installLatestMajor = 30; + $installLatestMajor = 31; } else { $installLatestMajor = ""; } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index f167dd5d..fb5c5b24 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -33,7 +33,7 @@ {% set isBackupOrRestoreRunning = false %} {% set isApacheStarting = false %} {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #} - {% set newMajorVersion = '' %} + {% set newMajorVersion = 31 %} {% if is_backup_container_running == true %} {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %} @@ -322,7 +322,7 @@ {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
Note about Nextcloud Hub {{ newMajorVersion - 21 }} -

If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

+

If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

{% endif %} {% endif %} From 62c4cd4188661c9949a0cff186ee536829a8137f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Feb 2025 11:53:14 +0100 Subject: [PATCH 0080/1064] increase to 10.6.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index fb5c5b24..03fe7802 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
-

Nextcloud AIO v10.5.0

+

Nextcloud AIO v10.6.0

{# Add 2nd tab warning #} From c684ce206c41c1d9f67f87b0e6368ad653be780b Mon Sep 17 00:00:00 2001 From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> Date: Mon, 10 Feb 2025 08:19:47 -0500 Subject: [PATCH 0081/1064] Allow Jellyfin write access to NEXTCLOUD_MOUNT Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> --- community-containers/jellyfin/jellyfin.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/jellyfin/jellyfin.json b/community-containers/jellyfin/jellyfin.json index 47972588..f0840913 100644 --- a/community-containers/jellyfin/jellyfin.json +++ b/community-containers/jellyfin/jellyfin.json @@ -25,7 +25,7 @@ { "source": "%NEXTCLOUD_MOUNT%", "destination": "%NEXTCLOUD_MOUNT%", - "writeable": false + "writeable": true } ], "devices": [ From 577b22192dc32f7f0d934bf7308601d4ab202a14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Feb 2025 05:04:22 +0000 Subject: [PATCH 0082/1064] build(deps): bump postgres in /Containers/postgresql Bumps postgres from 16.6-alpine to 16.7-alpine. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/postgresql/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 40479f97..a537d0a2 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile -FROM postgres:16.6-alpine +FROM postgres:16.7-alpine COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 61749514a179ab32d32c7157968411f23bdac5ab Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Feb 2025 11:36:52 +0100 Subject: [PATCH 0083/1064] readme: re-order the faq section and add chapters Signed-off-by: Simon L. --- readme.md | 896 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 457 insertions(+), 439 deletions(-) diff --git a/readme.md b/readme.md index 513e0e03..5f6abfd6 100644 --- a/readme.md +++ b/readme.md @@ -137,50 +137,84 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma `https://your-domain-that-points-to-this-server.tld:8443` 5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! -## FAQ -- [Where can I find additional documentation?](#where-can-i-find-additional-documentation) -- [How does it work?](#how-does-it-work) -- [How to contribute?](#how-to-contribute) -- [How many users are possible?](#how-many-users-are-possible) -- [Are reverse proxies supported?](#are-reverse-proxies-supported) -- [Which CPU architectures are supported?](#which-cpu-architectures-are-supported) -- [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter) -- [Explanation of used ports:](#explanation-of-used-ports) -- [How to run AIO on macOS?](#how-to-run-aio-on-macos) -- [How to run AIO on Windows?](#how-to-run-aio-on-windows) -- [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm) -- [How to run AIO with Portainer?](#how-to-run-aio-with-portainer) -- [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale) -- [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel) -- [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel) -- [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale) -- [Disrecommended VPS providers](#disrecommended-vps-providers) -- [Recommended VPS](#recommended-vps) -- [Note on storage options](#note-on-storage-options) -- [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge) -- [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan) -- [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain) -- [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system) -- [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud) -- [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains) -- [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported) -- [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain) -- [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally) -- [How to skip the domain validation?](#how-to-skip-the-domain-validation) -- [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others) -- [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled) -- [How to run `occ` commands?](#how-to-run-occ-commands) -- [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install) -- [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server) -- [Bruteforce protection FAQ](#bruteforce-protection-faq) -- [Update policy](#update-policy) -- [How to switch the channel?](#how-to-switch-the-channel) -- [How to update the containers?](#how-to-update-the-containers) - - [How often are update notifications sent?](#how-often-are-update-notifications-sent) -- [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface) -- [How to change the domain?](#how-to-change-the-domain) -- [How to properly reset the instance?](#how-to-properly-reset-the-instance) -- [Backup solution](#backup-solution) +# FAQ +- [TOC](#faq) + - [Where can I find additional documentation?](#where-can-i-find-additional-documentation) + - [How does it work?](#how-does-it-work) + - [How to contribute?](#how-to-contribute) + - [How many users are possible?](#how-many-users-are-possible) +- [Network](#network) + - [Are reverse proxies supported?](#are-reverse-proxies-supported) + - [Which ports are mandatory to be open in your firewall/router?](#which-ports-are-mandatory-to-be-open-in-your-firewallrouter) + - [Explanation of used ports](#explanation-of-used-ports) + - [Notes on Cloudflare (proxy/tunnel)](#notes-on-cloudflare-proxytunnel) + - [How to run Nextcloud behind a Cloudflare Tunnel?](#how-to-run-nextcloud-behind-a-cloudflare-tunnel) + - [How to run Nextcloud via Tailscale?](#how-to-run-nextcloud-via-tailscale) + - [How to get Nextcloud running using the ACME DNS-challenge?](#how-to-get-nextcloud-running-using-the-acme-dns-challenge) + - [How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN.](#how-to-run-nextcloud-locally-no-domain-wanted-or-wanting-intranet-access-within-your-lan) + - [Can I use an ip-address for Nextcloud instead of a domain?](#can-i-use-an-ip-address-for-nextcloud-instead-of-a-domain) + - [Can I run AIO offline or in an airgapped system?](#can-i-run-aio-offline-or-in-an-airgapped-system) + - [Are self-signed certificates supported for Nextcloud?](#are-self-signed-certificates-supported-for-nextcloud) + - [Can I use AIO with multiple domains?](#can-i-use-aio-with-multiple-domains) + - [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported) + - [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain) + - [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally) + - [How to skip the domain validation?](#how-to-skip-the-domain-validation) + - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others) + - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error) +- [Infrastructure](#infrastructure) + - [Which CPU architectures are supported?](#which-cpu-architectures-are-supported) + - [Disrecommended VPS providers](#disrecommended-vps-providers) + - [Recommended VPS](#recommended-vps) + - [Note on storage options](#note-on-storage-options) + - [Are there known problems when SELinux is enabled?](#are-there-known-problems-when-selinux-is-enabled) +- [Customization](#customization) + - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir) + - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive) + - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) + - [How to adjust the Talk port?](#how-to-adjust-the-talk-port) + - [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud) + - [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud) + - [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud) + - [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) + - [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container) + - [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container) + - [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app) + - [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud) + - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia) + - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta) + - [How to keep disabled apps?](#how-to-keep-disabled-apps) + - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) + - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) + - [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options) +- [Guides](#guides) + - [How to run AIO on macOS?](#how-to-run-aio-on-macos) + - [How to run AIO on Windows?](#how-to-run-aio-on-windows) + - [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm) + - [How to run AIO with Portainer?](#how-to-run-aio-with-portainer) + - [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale) + - [How to run `occ` commands?](#how-to-run-occ-commands) + - [How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?](#how-to-resolve-security--setup-warnings-displays-the-missing-default-phone-region-after-initial-install) + - [How to run multiple AIO instances on one server?](#how-to-run-multiple-aio-instances-on-one-server) + - [Bruteforce protection FAQ](#bruteforce-protection-faq) + - [How to switch the channel?](#how-to-switch-the-channel) + - [How to update the containers?](#how-to-update-the-containers) + - [How to easily log in to the AIO interface?](#how-to-easily-log-in-to-the-aio-interface) + - [How to change the domain?](#how-to-change-the-domain) + - [How to properly reset the instance?](#how-to-properly-reset-the-instance) + - [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir) + - [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm) + - [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes) + - [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker) + - [Can I run this with Podman instead of Docker?](#can-i-run-this-with-podman-instead-of-docker) + - [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually) + - [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor) + - [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory) + - [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy) + - [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) + - [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) + - [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio) +- [Backup](#backup) - [What is getting backed up by AIO's backup solution?](#what-is-getting-backed-up-by-aios-backup-solution) - [How to adjust borgs retention policy?](#how-to-adjust-borgs-retention-policy) - [How to migrate from AIO to AIO?](#how-to-migrate-from-aio-to-aio) @@ -191,46 +225,20 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [Delete backup archives manually](#delete-backup-archives-manually) - [Sync local backups regularly to another drive](#sync-local-backups-regularly-to-another-drive) - [How to exclude Nextcloud's data directory or the preview folder from backup?](#how-to-exclude-nextclouds-data-directory-or-the-preview-folder-from-backup) -- [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally) -- [How to disable the backup section?](#how-to-disable-the-backup-section) -- [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir) -- [Can I use a CIFS/SMB share as Nextcloud's datadir?](#can-i-use-a-cifssmb-share-as-nextclouds-datadir) -- [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) -- [How to adjust the Talk port?](#how-to-adjust-the-talk-port) -- [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud) -- [How to adjust the max execution time for Nextcloud?](#how-to-adjust-the-max-execution-time-for-nextcloud) -- [How to adjust the PHP memory limit for Nextcloud?](#how-to-adjust-the-php-memory-limit-for-nextcloud) -- [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error) -- [Can I run this with Docker swarm?](#can-i-run-this-with-docker-swarm) -- [Can I run this with Kubernetes?](#can-i-run-this-with-kubernetes) -- [How to run this with Docker rootless?](#can-i-run-this-with-podman-instead-of-docker) -- [How to change the Nextcloud apps that are installed on the first startup?](#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) -- [How to add OS packages permanently to the Nextcloud container?](#how-to-add-os-packages-permanently-to-the-nextcloud-container) -- [How to add PHP extensions permanently to the Nextcloud container?](#how-to-add-php-extensions-permanently-to-the-nextcloud-container) -- [What about the pdlib PHP extension for the facerecognition app?](#what-about-the-pdlib-php-extension-for-the-facerecognition-app) -- [How to enable hardware acceleration for Nextcloud?](#how-to-enable-hardware-acceleration-for-nextcloud) - - [With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia](#with-open-source-drivers-mesa-for-amd-intel-and-new-drivers-nouveau-for-nvidia) - - [With proprietary drivers for Nvidia :warning: BETA](#with-proprietary-drivers-for-nvidia-warning-beta) -- [How to keep disabled apps?](#how-to-keep-disabled-apps) -- [Huge docker logs](#huge-docker-logs) -- [Access/Edit Nextcloud files/folders manually](#accessedit-nextcloud-filesfolders-manually) -- [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive) -- [How to edit Nextclouds config.php file with a texteditor?](#how-to-edit-nextclouds-configphp-file-with-a-texteditor) -- [How to change default files by creating a custom skeleton directory?](#how-to-change-default-files-by-creating-a-custom-skeleton-directory) -- [How to adjust the version retention policy and trashbin retention policy?](#how-to-adjust-the-version-retention-policy-and-trashbin-retention-policy) -- [Fail2ban](#fail2ban) -- [LDAP](#ldap) -- [Netdata](#netdata) -- [USER_SQL](#user_sql) -- [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin) -- [Mail server](#mail-server) -- [How to migrate from an already existing Nextcloud installation to Nextcloud AIO?](#how-to-migrate-from-an-already-existing-nextcloud-installation-to-nextcloud-aio) -- [Requirements for integrating new containers](#requirements-for-integrating-new-containers) -- [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca) -- [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature) -- [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options) -- [How to enable automatic updates without creating a backup beforehand?](#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) -- [Securing the AIO interface from unauthorized ACME challenges](#securing-the-aio-interface-from-unauthorized-acme-challenges) + - [How to stop/start/update containers or trigger the daily backup from a script externally?](#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally) + - [How to disable the backup section?](#how-to-disable-the-backup-section) +- [Addons](#addons) + - [Fail2ban](#fail2ban) + - [LDAP](#ldap) + - [Netdata](#netdata) + - [USER_SQL](#user_sql) + - [phpMyAdmin, Adminer or pgAdmin](#phpmyadmin-adminer-or-pgadmin) + - [Mail server](#mail-server) +- [Miscellaneous](#miscellaneous) + - [Requirements for integrating new containers](#requirements-for-integrating-new-containers) + - [Update policy](#update-policy) + - [How often are update notifications sent?](#how-often-are-update-notifications-sent) + - [Huge docker logs](#huge-docker-logs) ### Where can I find additional documentation? Some of the documentation is available on [GitHub Discussions](https://github.com/nextcloud/all-in-one/discussions/categories/wiki). @@ -244,21 +252,18 @@ See [this issue](https://github.com/nextcloud/all-in-one/issues/5251) for a list ### How many users are possible? Up to 100 users are free, more are possible with [Nextcloud Enterprise](https://nextcloud.com/all-in-one/) +## Network + ### Are reverse proxies supported? Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) -### Which CPU architectures are supported? -You can check this on Linux by running: `uname -m` -- x86_64/x64/amd64 -- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture) - ### Which ports are mandatory to be open in your firewall/router? Only those (if you access the Mastercontainer Interface internally via port 8080): - `443/TCP` for the Apache container - `443/UDP` if you want to enable http3 for the Apache container - `3478/TCP` and `3478/UDP` for the Talk container -### Explanation of used ports: +### Explanation of used ports - `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`) ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser) - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer) - `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open/forwarded in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.) @@ -266,6 +271,235 @@ Only those (if you access the Mastercontainer Interface internally via port 8080 - `443/UDP`: will be used by the Apache container later on and needs to be open/forwarded in your firewall/router if you want to enable http3 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router +### Notes on Cloudflare (proxy/tunnel) +Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible. +- Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you. +- Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel. +- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation +- Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown. +- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled. +- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065) +- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled. +- It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments` +- Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981 +- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`. +- If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually. +- If you are using AIO's built-in Reverse Proxy and don't use your own, then the certificate issuing may possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. Note that this isn't an option if you need Cloudflare Tunnel as disabling the proxy would also disable Cloudflare Tunnel which would in turn make your server unreachable for the verification. See https://github.com/nextcloud/all-in-one/discussions/1101. + +### How to run Nextcloud behind a Cloudflare Tunnel? +Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. + +### How to run Nextcloud via Tailscale? +For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 + +### How to get Nextcloud running using the ACME DNS-challenge? +You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. + +### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN. +If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. + +### Can I use an ip-address for Nextcloud instead of a domain? +No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). + +### Can I run AIO offline or in an airgapped system? +No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more. + +### Are self-signed certificates supported for Nextcloud? +No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). + +### Can I use AIO with multiple domains? +No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain. + +### Are other ports than the default 443 for Nextcloud supported? +No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443. + +### Can I run Nextcloud in a subdirectory on my domain? +No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. + +### How can I access Nextcloud locally? +Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work. + +Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work. + +Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides: +- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/ +- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6 +- https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/ +- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html +Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole + +### How to skip the domain validation? +If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). + +### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others? +It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running: +``` +sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf +sudo systemctl restart firewalld docker +``` +Afterwards it should work.
+ +See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it + +### What can I do to fix the internal or reserved ip-address error? +If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation. + +## Infrastructure + +### Which CPU architectures are supported? +You can check this on Linux by running: `uname -m` +- x86_64/x64/amd64 +- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture) + +### Disrecommended VPS providers +- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work. + If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it + your server will likely misbehave once it reaches this limit + which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164). +- Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956). + +### Recommended VPS +In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them. + +### Note on storage options +- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts +- SSD storage is recommended +- HDD storage should work as well but is of course much slower than SSD storage + +### Are there known problems when SELinux is enabled? +Yes. If SELinux is enabled, you might need to add the `--security-opt label:disable` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label:disable"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485 + +## Customization + +### How to change the default location of Nextcloud's Datadir? +> [!WARNING] +> Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it. + +You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container. + +- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696. +- On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"` +- For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. +- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives. +- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. on Windows with: + ``` + docker volume create ^ + --driver local ^ + --name nextcloud_aio_nextcloud_datadir ^ + -o device="/host_mnt/e/your/data/path" ^ + -o type="none" ^ + -o o="bind" + ``` + In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly. + +### How to store the files/installation on a separate drive? +You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/
+(Of course docker needs to be installed first for this to work.) + +⚠️ If you encounter errors from richdocuments in your Nextcloud logs, check in your Collabora container if the message "Capabilities are not set for the coolforkit program." appears. If so, follow these steps: + +1. Stop all the containers from the AIO Interface. +2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`). +3. You might also want to prune your Docker (`docker system prune`) (no data will be lost). +4. Restart your containers from the AIO Interface. + +This should solve the problem. + +### How to allow the Nextcloud container to access directories on the host? +By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. + +- Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`. +- On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"` +- For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`. +- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives. + +After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`. + +You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. + +Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done. + +> [!NOTE] +> If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required. + +### How to adjust the Talk port? +By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517 + +### How to adjust the upload limit for Nextcloud? +By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`. + +### How to adjust the max execution time for Nextcloud? +By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`. + +### How to adjust the PHP memory limit for Nextcloud? +By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`. + +### How to change the Nextcloud apps that are installed on the first startup? +You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`. + +### How to add OS packages permanently to the Nextcloud container? +Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. + +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. + +### How to add PHP extensions permanently to the Nextcloud container? +Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. + +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well. + +### What about the pdlib PHP extension for the facerecognition app? +The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition. + +### How to enable hardware acceleration for Nextcloud? +Some container can use GPU acceleration to increase performance like [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. + +#### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia + +> [!WARNING] +> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host. + +A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html). + +This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device. + +In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. + + +#### With proprietary drivers for Nvidia :warning: BETA + +> [!WARNING] +> This only works if the Nvidia Toolkit is installed on the host and an NVIDIA GPU is enabled! Make sure that it is correctly configured on the host. If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. +> +> This feature is in beta. Since the proprietary, we haven't a lot of user using proprietary drivers, we can't guarantee the stability of this feature. Your feedback is welcome. + +This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime. + +In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime. + +If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2). + +### How to keep disabled apps? +In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). +> [!WARNING] +> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example. + +### How to trust user-defined Certification Authorities (CA)? +For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization. + +You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. + +When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`. + +In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things. + +### How to disable Collabora's Seccomp feature? +The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. + +### How to adjust the Fulltextsearch Java options? +The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. + +## Guides + ### How to run AIO on macOS? On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux. @@ -319,7 +553,6 @@ If you have the NAS setup on your local network (which is most often the case) y The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. ### Can I run AIO on TrueNAS SCALE? - With the Truenas Scale Release 24.10.0 (which was officially released on October 29th 2024 as a stable release) IX Systems ditched the Kubernetes integration and implemented a fully working docker environment. For a more complete guide, see this guide by @zybster: https://github.com/nextcloud/all-in-one/discussions/5506 @@ -328,94 +561,6 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart. -### Notes on Cloudflare (proxy/tunnel) -Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible. -- Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you. -- Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel. -- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation -- Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown. -- Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled. -- If using Cloudflare Tunnel and the Nextcloud Desktop Client [Set Chunking on Nextcloud Desktop Client](https://github.com/nextcloud/desktop/issues/4271#issuecomment-1159578065) -- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings. Note that this will both disable Cloudflare DDoS protection and Cloudflare Tunnel as these services require the proxy option to be enabled. -- It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments` -- Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981 -- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to install your own turnserver or use a publicly available one and adjust and test your stun and turn settings in `https://yourdomain.com/settings/admin/talk`. -- If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually. -- If you are using AIO's built-in Reverse Proxy and don't use your own, then the certificate issuing may possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. Note that this isn't an option if you need Cloudflare Tunnel as disabling the proxy would also disable Cloudflare Tunnel which would in turn make your server unreachable for the verification. See https://github.com/nextcloud/all-in-one/discussions/1101. - -### How to run Nextcloud behind a Cloudflare Tunnel? -Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. - -### How to run Nextcloud via Tailscale? -For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 - -### Disrecommended VPS providers -- *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work. - If your VPS has a `/proc/user_beancounters` file and a low `numproc` limit set in it - your server will likely misbehave once it reaches this limit - which is very quickly reached by AIO, see [here](https://github.com/nextcloud/all-in-one/discussions/1747#discussioncomment-4716164). -- Hostingers VPS seem to miss a specific Kernel feature which is required for AIO to run correctly. See [here](https://help.nextcloud.com/t/help-installing-nc-via-aio-on-vps/153956). - -### Recommended VPS -In general recommended VPS are those that are KVM/non-virtualized as Docker should work best on them. - -### Note on storage options -- SD-cards are disrecommended for AIO since they cripple the performance and they are not meant for many write operations which is needed for the database and other parts -- SSD storage is recommended -- HDD storage should work as well but is of course much slower than SSD storage - -### How to get Nextcloud running using the ACME DNS-challenge? -You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. - -### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN. -If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. - -### Can I use an ip-address for Nextcloud instead of a domain? -No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). - -### Can I run AIO offline or in an airgapped system? -No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more. - -### Are self-signed certificates supported for Nextcloud? -No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). - -### Can I use AIO with multiple domains? -No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain. - -### Are other ports than the default 443 for Nextcloud supported? -No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443. - -### Can I run Nextcloud in a subdirectory on my domain? -No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. - -### How can I access Nextcloud locally? -Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work. - -Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work. - -Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides: -- https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/ -- https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6 -- https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/ -- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html -Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole - -### How to skip the domain validation? -If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). - -### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others? -It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running: -``` -sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf -sudo systemctl restart firewalld docker -``` -Afterwards it should work.
- -See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it - -### Are there known problems when SELinux is enabled? -Yes. If SELinux is enabled, you might need to add the `--security-opt label:disable` option to the docker run command of the mastercontainer in order to allow it to access the docker socket (or `security_opt: ["label:disable"]` in compose.yaml). See https://github.com/nextcloud/all-in-one/discussions/485 - ### How to run `occ` commands? Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run. @@ -428,9 +573,6 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t ### Bruteforce protection FAQ Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. -### Update policy -This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier. - ### How to switch the channel? You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa. @@ -441,9 +583,6 @@ If a new `mastercontainer` update was found, you'll see a note below the `Stop c Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found. -#### How often are update notifications sent? -AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible. - ### How to easily log in to the AIO interface? If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. @@ -483,7 +622,121 @@ Here is how to reset the AIO instance properly: 1. Optional: You can remove all docker images with `sudo docker image prune -a`. 1. And you are done! Now feel free to start over with the recommended docker run command! -### Backup solution +### Can I use a CIFS/SMB share as Nextcloud's datadir? +Sure. Add this to the `/etc/fstab` file on the host system:
+` cifs rw,mfsymlinks,seal,credentials=,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`
+(Of course you need to modify ``, `` and `` for your specific case.) + +One example could look like this:
+`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`
+and add into `/etc/storage-credentials`: +``` +username= +password= +``` +(Of course you need to modify `` and `` for your specific case.) + +Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one. + +### Can I run this with Docker swarm? +Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/). + +### Can I run this with Kubernetes? +Yes. For that to work, you need to use and follow the [helm-chart documentation](./nextcloud-aio-helm-chart/). + +### How to run this with Docker rootless? +You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) + +### Can I run this with Podman instead of Docker? +Since Podman is not 100% compatible with the Docker API, Podman is not supported (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section. Also there is this now: https://github.com/nextcloud/all-in-one/discussions/3487 + +### Access/Edit Nextcloud files/folders manually +The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state. + +After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`. + +### How to edit Nextclouds config.php file with a texteditor? +You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file. + +### How to change default files by creating a custom skeleton directory? +All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration. To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory). + +### How to adjust the version retention policy and trashbin retention policy? +By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html. + +### How to enable automatic updates without creating a backup beforehand? +If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. + +But anyhow, is here a guide that helps you automate the whole procedure: + +
+Click here to expand + +```bash +#!/bin/bash + +# Stop the containers +docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh + +# Below is optional if you run AIO in a VM which will shut down the VM afterwards +# poweroff + +``` + +
+ +You can simply copy and paste the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. + +Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs it on a schedule e.g. runs the script at `04:00` each day like this: +1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). +1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. +1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` and then `Enter` to save, and close the editor with `Ctrl + x`). + + +**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextcloud's datadir if it is not stored in a docker volume.** + +**Afterwards, you can create a second script that automatically updates the containers:** + +
+Click here to expand + +```bash +#!/bin/bash + +# Run container update once +if ! docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then + while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do + echo "Waiting for watchtower to stop" + sleep 30 + done + + while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do + echo "Waiting for Mastercontainer to start" + sleep 30 + done + + # Run container update another time to make sure that all containers are updated correctly. + docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh +fi + +``` + +
+ +You can simply copy and paste the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`. + +Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: +1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). +1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. +1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). + +### Securing the AIO interface from unauthorized ACME challenges +[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. + +### How to migrate from an already existing Nextcloud installation to Nextcloud AIO? +Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md) + +## Backup Nextcloud AIO provides a backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a restore point in case the installation gets corrupted. By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account. It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. @@ -526,13 +779,13 @@ Be aware that this solution does not back up files and folders that are mounted --- -#### What is getting backed up by AIO's backup solution? +### What is getting backed up by AIO's backup solution? Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order). -#### How to adjust borgs retention policy? +### How to adjust borgs retention policy? The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out! -#### How to migrate from AIO to AIO? +### How to migrate from AIO to AIO? If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere. 1. Set the DNS entry to 60 seconds TTL if applicable @@ -556,7 +809,7 @@ If you have the borg backup feature enabled, you can copy it over to the new hos 1. Wait until the backup is restored 1. Start the containers in the AIO interface -#### Are remote borg backups supported? +### Are remote borg backups supported? Backing up directly to a remote borg repository is supported. This avoids having to store a local copy of your backups, supports append-only borg keys to counter ransomware and allows using the AIO interface to manage your backups. Some alternatives, which do not have all the above benefits: @@ -569,12 +822,12 @@ Some alternatives, which do not have all the above benefits: --- -#### Failure of the backup container in LXC containers +### Failure of the backup container in LXC containers If you are running AIO in a LXC container, you need to make sure that FUSE is enabled in the LXC container settings. Also, if using Alpine Linux as host OS, make sure to add fuse via `apk add fuse`. Otherwise the backup container will not be able to start as FUSE is required for it to work. --- -#### How to create the backup volume on Windows? +### How to create the backup volume on Windows? As stated in the AIO interface, it is possible to use a docker volume as backup target. Before you can use that, you need to create it first. Here is an example how to create one on Windows: ``` docker volume create ^ @@ -588,7 +841,7 @@ In this example, it would mount `E:\your\backup\path` into the volume so for a d --- -#### Pro-tip: Backup archives access +### Pro-tip: Backup archives access You can open the BorgBackup archives on your host by following these steps:
(instructions for Ubuntu Desktop) @@ -618,7 +871,7 @@ sudo umount /tmp/borg --- -#### Delete backup archives manually +### Delete backup archives manually You can delete BorgBackup archives on your host manually by following these steps:
(instructions for Debian based OS' like Ubuntu) @@ -654,7 +907,7 @@ You can do so by clicking on the `Check backup integrity` button or `Create back --- -#### Sync local backups regularly to another drive +### Sync local backups regularly to another drive For increased backup security, you might consider syncing the local backup repository regularly to another drive. To do that, first add the drive to `/etc/fstab` so that it is able to get automatically mounted and then create a script that does all the things automatically. Here is an example for such a script: @@ -752,7 +1005,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup 1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`). -#### How to exclude Nextcloud's data directory or the preview folder from backup? +### How to exclude Nextcloud's data directory or the preview folder from backup? In order to speed up the backups and to keep the backup archives small, you might want to exclude Nextcloud's data directory or its preview folder from backup. > [!WARNING] @@ -784,166 +1037,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo ### How to disable the backup section? If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). -### How to change the default location of Nextcloud's Datadir? -> [!WARNING] -> Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it. - -You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container. - -- An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696. -- On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"` -- For Synology it may be `--env NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. -- On Windows it might be `--env NEXTCLOUD_DATADIR="/run/desktop/mnt/host/c/ncdata"`. (This path is equivalent to `C:\ncdata` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `c/ncdata` which is equivalent to `C:\ncdata`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives. -- Another option is to provide a specific volume name here with: `--env NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. This volume needs to be created beforehand manually by you in order to be able to use it. e.g. on Windows with: - ``` - docker volume create ^ - --driver local ^ - --name nextcloud_aio_nextcloud_datadir ^ - -o device="/host_mnt/e/your/data/path" ^ - -o type="none" ^ - -o o="bind" - ``` - In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly. - -### Can I use a CIFS/SMB share as Nextcloud's datadir? - -Sure. Add this to the `/etc/fstab` file on the host system:
-` cifs rw,mfsymlinks,seal,credentials=,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`
-(Of course you need to modify ``, `` and `` for your specific case.) - -One example could look like this:
-`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`
-and add into `/etc/storage-credentials`: -``` -username= -password= -``` -(Of course you need to modify `` and `` for your specific case.) - -Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one. - -### How to allow the Nextcloud container to access directories on the host? -By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. - -- Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`. -- On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"` -- For Synology it may be `--env NEXTCLOUD_MOUNT="/volume1/"`. -- On Windows it might be `--env NEXTCLOUD_MOUNT="/run/desktop/mnt/host/d/your-folder/"`. (This path is equivalent to `D:\your-folder` on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with `/run/desktop/mnt/host/`. Append to that the exact location on your windows host, e.g. `d/your-folder/` which is equivalent to `D:\your-folder`.) ⚠️ **Please note**: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives. - -After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`. - -You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. - -Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done. - -> [!NOTE] -> If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required. - -### How to adjust the Talk port? -By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517 - -### How to adjust the upload limit for Nextcloud? -By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`. - -### How to adjust the max execution time for Nextcloud? -By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`. - -### How to adjust the PHP memory limit for Nextcloud? -By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`. - -### What can I do to fix the internal or reserved ip-address error? -If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation. - -### Can I run this with Docker swarm? -Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/). - -### Can I run this with Kubernetes? -Yes. For that to work, you need to use and follow the [helm-chart documentation](./nextcloud-aio-helm-chart/). - -### How to run this with Docker rootless? -You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) - -### Can I run this with Podman instead of Docker? -Since Podman is not 100% compatible with the Docker API, Podman is not supported (since that would add yet another platform where the maintainer would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section. Also there is this now: https://github.com/nextcloud/all-in-one/discussions/3487 - -### How to change the Nextcloud apps that are installed on the first startup? -You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`. - -### How to add OS packages permanently to the Nextcloud container? -Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. - -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. - -### How to add PHP extensions permanently to the Nextcloud container? -Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. - -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well. - -### What about the pdlib PHP extension for the facerecognition app? -The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition. - -### How to enable hardware acceleration for Nextcloud? -Some container can use GPU acceleration to increase performance like [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. - -#### With open source drivers MESA for AMD, Intel and **new** drivers `Nouveau` for Nvidia - -> [!WARNING] -> This only works if the `/dev/dri` device is present on the host! If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. Make sure that your driver is correctly configured on the host. - -A list of supported device can be fond in [MESA 3D documentation](https://docs.mesa3d.org/systems.html). - -This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device. - -In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. - - -#### With proprietary drivers for Nvidia :warning: BETA - -> [!WARNING] -> This only works if the Nvidia Toolkit is installed on the host and an NVIDIA GPU is enabled! Make sure that it is correctly configured on the host. If it does not exist on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below. -> -> This feature is in beta. Since the proprietary, we haven't a lot of user using proprietary drivers, we can't guarantee the stability of this feature. Your feedback is welcome. - -This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime. - -In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime. - -If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2). - -### How to keep disabled apps? -In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). -> [!WARNING] -> Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example. - -### Huge docker logs -If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs. - -### Access/Edit Nextcloud files/folders manually -The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state. - -After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`. - -### How to store the files/installation on a separate drive? -You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/
-(Of course docker needs to be installed first for this to work.) - -⚠️ If you encounter errors from richdocuments in your Nextcloud logs, check in your Collabora container if the message "Capabilities are not set for the coolforkit program." appears. If so, follow these steps: - -1. Stop all the containers from the AIO Interface. -2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`). -3. You might also want to prune your Docker (`docker system prune`) (no data will be lost). -4. Restart your containers from the AIO Interface. - -This should solve the problem. - -### How to edit Nextclouds config.php file with a texteditor? -You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file. - -### How to change default files by creating a custom skeleton directory? -All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration. To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory). - -### How to adjust the version retention policy and trashbin retention policy? -By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html. +## Addons ### Fail2ban You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned. Also, you may change the blocked ports to cover all AIO ports: by default `80,443,8080,8443,3478` (see [this](https://github.com/nextcloud/all-in-one#explanation-of-used-ports)). Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban @@ -963,8 +1057,7 @@ It is possible to install any of these to get a GUI for your AIO database. The p ### Mail server You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart -### How to migrate from an already existing Nextcloud installation to Nextcloud AIO? -Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md) +## Miscellaneous ### Requirements for integrating new containers For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it. Also there is this now: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers @@ -979,86 +1072,11 @@ What are the requirements? 7. No additional setup should be needed after adding the container - it should work completely out of the box. 8. If the container requires being exposed, only subfolders are supported. So the container should not require its own (sub-)domain and must be able to run in a subfolder. -### How to trust user-defined Certification Authorities (CA)? -For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization. +### Update policy +This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier. -You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. +### How often are update notifications sent? +AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible. -When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`. - -In order for the value to be valid, the path should start with `/` and not end with `/` and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things. - -### How to disable Collabora's Seccomp feature? -The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `--env COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. - -### How to adjust the Fulltextsearch Java options? -The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. - -### How to enable automatic updates without creating a backup beforehand? -If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. - -But anyhow, is here a guide that helps you automate the whole procedure: - -
-Click here to expand - -```bash -#!/bin/bash - -# Stop the containers -docker exec --env STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh - -# Below is optional if you run AIO in a VM which will shut down the VM afterwards -# poweroff - -``` - -
- -You can simply copy and paste the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. - -Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs it on a schedule e.g. runs the script at `04:00` each day like this: -1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). -1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. -1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` and then `Enter` to save, and close the editor with `Ctrl + x`). - - -**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextcloud's datadir if it is not stored in a docker volume.** - -**Afterwards, you can create a second script that automatically updates the containers:** - -
-Click here to expand - -```bash -#!/bin/bash - -# Run container update once -if ! docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then - while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do - echo "Waiting for watchtower to stop" - sleep 30 - done - - while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do - echo "Waiting for Mastercontainer to start" - sleep 30 - done - - # Run container update another time to make sure that all containers are updated correctly. - docker exec --env AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh -fi - -``` - -
- -You can simply copy and paste the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`. - -Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: -1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). -1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. -1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). - -### Securing the AIO interface from unauthorized ACME challenges -[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. +### Huge docker logs +If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs. From c531f516d3ab1d151c0252af10cfba2f0965290e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 18 Feb 2025 12:11:54 +0000 Subject: [PATCH 0084/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 0c72e6dd..1cce5d4a 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2699,16 +2699,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.0.1", + "version": "2.0.2", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893" + "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/72e51f7c32c5aef7c8b462195b8c599b11199893", - "reference": "72e51f7c32c5aef7c8b462195b8c599b11199893", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51087f87dcce2663e1fed4dfd4e56eccd580297e", + "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e", "shasum": "" }, "require": { @@ -2740,9 +2740,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.1" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.2" }, - "time": "2025-02-13T12:25:43+00:00" + "time": "2025-02-17T20:25:51+00:00" }, { "name": "sebastian/diff", From efe9aac94db6c222cde087b41d0b1dbf2ca8c3ac Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Feb 2025 22:42:23 +0100 Subject: [PATCH 0085/1064] add info box in how-to sectioin Signed-off-by: Simon L. --- readme.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 5f6abfd6..27c45154 100644 --- a/readme.md +++ b/readme.md @@ -81,7 +81,9 @@ Included are: | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? -The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). +> [!INFO] +> The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). + 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. >[!WARNING] > You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: From 77a44ee7ff6a7dc3c48a9d5713ed4f8033be95a8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Feb 2025 22:52:21 +0100 Subject: [PATCH 0086/1064] aio-interface: adjust aplicable links to always open in a new tab Signed-off-by: Simon L. --- php/templates/containers.twig | 58 +++++++++---------- php/templates/includes/aio-config.twig | 18 +++--- php/templates/includes/backup-dirs.twig | 2 +- .../includes/optional-containers.twig | 12 ++-- php/templates/login.twig | 2 +- 5 files changed, 46 insertions(+), 46 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 03fe7802..cc038cf4 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -81,7 +81,7 @@ {% if is_backup_container_running == false and domain == "" %} {% if isDomaincheckRunning == false %}

Domaincheck container is not running

-

This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

+

This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

{% elseif is_mastercontainer_update_available == true %}

Mastercontainer update

⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.

@@ -97,7 +97,7 @@ {{ include('includes/aio-config.twig') }}

New AIO instance

{% if apache_port == '443' %} -

AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

+

AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

{% else %}

AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.

{% endif %} @@ -115,14 +115,14 @@

Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.

Click here for further hints -

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

-

If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

-

If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

+

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

+

If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

+

If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.

{% if apache_port != '443' %} -

If you run into issues with your domain being accepted, see these steps for how to debug things.

+

If you run into issues with your domain being accepted, see these steps for how to debug things.

{% endif %} -

Hint: If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following this documentation.

+

Hint: If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following this documentation.

{% endif %} @@ -138,7 +138,7 @@ {% if borg_backup_mode == 'test' %}

Please adjust the path and/or the encryption password in order to make it work!

{% elseif borg_backup_mode == 'check' %} -

The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following this documentation

+

The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following this documentation

Reveal repair option

Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

@@ -160,7 +160,7 @@ {% endif %}

Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!

-

Please note: If the backup that you want to restore contained any community container, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

+

Please note: If the backup that you want to restore contained any community container, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

@@ -191,7 +191,7 @@

Please enter the location of the backup archive on your host or a - remote borg repo url + remote borg repo url if stored remotely; and the encryption password of the backup archive below:

@@ -215,12 +215,12 @@ {% endif %} {% endif %}

How to reset the AIO instance?

-

If something should be going wrong, for example during the initial installation, you can reset the instance by following this documentation.

+

If something should be going wrong, for example during the initial installation, you can reset the instance by following this documentation.

{% endif %} {% if was_start_button_clicked == true %} {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %} -

You are running the {{ current_channel }} channel. (Logs)

+

You are running the {{ current_channel }} channel. (Logs)

{% else %}

No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.

{% endif %} @@ -247,7 +247,7 @@ {% endif %}

Open your Nextcloud ↗

{% if not hasBackupLocation %} -

If your Nextcloud does not open when clicking the button above, see this documentation

+

If your Nextcloud does not open when clicking the button above, see this documentation

{% endif %} {% else %} {% if isAnyRestarting == false %} @@ -280,7 +280,7 @@ {{ container.GetDisplayName() }} (Starting) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -290,7 +290,7 @@ {{ container.GetDisplayName() }} (Running) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -300,7 +300,7 @@ {{ container.GetDisplayName() }} (Stopped) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -322,7 +322,7 @@ {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
Note about Nextcloud Hub {{ newMajorVersion - 21 }} -

If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

+

If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

{% endif %} {% endif %} @@ -334,11 +334,11 @@ {% if is_mastercontainer_update_available == true %}

⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.

{% if current_channel starts with 'latest' %} -

You can find the changelog here

+

You can find the changelog here

{% elseif current_channel starts with 'beta' %} -

You can find the changelog here

+

You can find the changelog here

{% elseif current_channel starts with 'develop' %} -

You can find all changes here

+

You can find all changes here

{% endif %} {% endif %} @@ -399,7 +399,7 @@

Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.

To store backups remotely instead, fill in the - remote borg repo url. + remote borg repo url.


@@ -420,7 +420,7 @@ {% if backup_exit_code > 0 %}

Last {{ borg_backup_mode }} failed! (Logs)

{% if borg_backup_mode == "check" %} -

The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following this documentation

+

The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following this documentation

Reveal repair option

Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

@@ -468,7 +468,7 @@

This is your encryption password for backups: {{ borgbackup_password }}

Please save this password in a safe place. You won't be able to restore from backup if you lose this password!

All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.

-

The backup uses a tool called BorgBackup, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.

+

The backup uses a tool called BorgBackup, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.

By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.

{% if borg_remote_repo != '' %}

@@ -482,9 +482,9 @@

Backups will be created in the following directory on the host: {{ borg_backup_host_location }}/borg

{% endif %}

Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.

-

For information about backup retention, see this.

+

For information about backup retention, see this.

Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.

-

For further documentation and options on this backup solution refer to this section and below.

+

For further documentation and options on this backup solution refer to this section and below.

{% if isApacheStarting != true %}

Backup creation

@@ -514,7 +514,7 @@ {% if has_backup_run_once == true %}

Backup Viewer

-

There is now a community container that allows to access your backups in a web session. See this documentation.

+

There is now a community container that allows to access your backups in a web session. See this documentation.

Backup check

Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.

@@ -571,7 +571,7 @@

Each line and entry needs to start with a slash or letter/digit. Only a-z, A-Z, ., 0-9, _, -, and / are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are /directory/on/the/host and my_custom_docker_volume. You need to make sure that all given directories exist or the backup container will fail to start!

-

Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing / as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see this documentation

+

Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing / as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see this documentation

Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.

{% if additional_backup_directories != "" %}

This option is currently set. You can disable it again by clearing the field and submitting your changes.

@@ -598,7 +598,7 @@ -

The new passphrase needs to be at least 24 characters long. Allowed characters are the latin characters a-z, A-Z, 0-9 and spaces.

+

The new passphrase needs to be at least 24 characters long. Allowed characters are the latin characters a-z, A-Z, 0-9 and spaces.

{% endif %} {% endif %} @@ -623,7 +623,7 @@ -

You need to make sure that the timezone that you enter is valid. An example is Europe/Berlin. You can get valid values by looking at the 'TZ identifier' column of this list: click here. The default is Etc/UTC if nothing is entered.

+

You need to make sure that the timezone that you enter is valid. An example is Europe/Berlin. You can get valid values by looking at the 'TZ identifier' column of this list: click here. The default is Etc/UTC if nothing is entered.

{% else %}

The timezone for Nextcloud is currently set to {{ timezone }}. You can change the timezone by clicking on the button below.

diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig index 07672ce3..7535ad93 100644 --- a/php/templates/includes/aio-config.twig +++ b/php/templates/includes/aio-config.twig @@ -1,8 +1,8 @@
Click here to view the current AIO config and documentation links {% if was_start_button_clicked == true %} -

Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the config.php documentation.

-

You can run Nextcloud's usual occ commands by following the occ documentation.

+

Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the config.php documentation.

+

You can run Nextcloud's usual occ commands by following the occ documentation.

{% endif %}

@@ -11,7 +11,7 @@ {% else %} Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume. {% endif %} - See the NEXTCLOUD_DATADIR documentation on how to change this. + See the NEXTCLOUD_DATADIR documentation on how to change this.

@@ -20,13 +20,13 @@ {% else %} The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled. {% endif %} - See the NEXTCLOUD_MOUNT documentation on how to change this.

+ See the NEXTCLOUD_MOUNT documentation on how to change this.

-

Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the NEXTCLOUD_UPLOAD_LIMIT documentation on how to change this.

+

Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the NEXTCLOUD_UPLOAD_LIMIT documentation on how to change this.

-

For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the NEXTCLOUD_MEMORY_LIMIT documentation on how to change this.

+

For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the NEXTCLOUD_MEMORY_LIMIT documentation on how to change this.

-

Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the NEXTCLOUD_MAX_TIME documentation on how to change this.

+

Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the NEXTCLOUD_MAX_TIME documentation on how to change this.

{% if is_dri_device_enabled == true and is_nvidia_gpu_enabled == true %} @@ -38,7 +38,7 @@ {% else %} Hardware acceleration is not enabled. It's recommended to enable hardware transcoding for better performance. {% endif %} - See the hardware acceleration documentation on how to change this.

+ See the hardware acceleration documentation on how to change this.

-

For further documentation on AIO, refer to this page. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found here.

+

For further documentation on AIO, refer to this page. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found here.

diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig index 22090dee..85ff877a 100644 --- a/php/templates/includes/backup-dirs.twig +++ b/php/templates/includes/backup-dirs.twig @@ -3,4 +3,4 @@

On Synology it could be /volume1/docker/nextcloud/backup.

For macOS it may be /var/backup.

On Windows it might be /run/desktop/mnt/host/c/backup. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ Please note: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.

-

Another option is to enter a specific volume name here: nextcloud_aio_backupdir. This volume needs to be created beforehand manually by you in order to be able to use it. See this documentation for an example.

+

Another option is to enter a specific volume name here: nextcloud_aio_backupdir. This volume needs to be created beforehand manually by you in order to be able to use it. See this documentation for an example.

diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 6df95600..c218f8ee 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -1,5 +1,5 @@

Optional containers

-

In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See this documentation how to add them.

+

In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See this documentation how to add them.

{% if isAnyRunning == true %}

Please note: You can enable or disable the options below only when your containers are stopped.

{% else %} @@ -50,7 +50,7 @@ {% endif %} >
From 61b1576c92a1ed2e88277c85fa59243d8b823b43 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Feb 2025 23:12:59 +0100 Subject: [PATCH 0087/1064] fix typo Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 27c45154..b10a262d 100644 --- a/readme.md +++ b/readme.md @@ -81,7 +81,7 @@ Included are: | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? -> [!INFO] +> [!NOTE] > The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. From 072010467fad785d7872362502087cce1ca4a2a2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 19 Feb 2025 13:14:21 +0100 Subject: [PATCH 0088/1064] increase to 10.6.1 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 03fe7802..c48baeaf 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
-

Nextcloud AIO v10.6.0

+

Nextcloud AIO v10.6.1

{# Add 2nd tab warning #} From 64cd9acbce02cb2c7816671979b6b0bfcb79429c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Feb 2025 04:57:30 +0000 Subject: [PATCH 0089/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.12.3.1 to 24.04.12.4.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 8766eb32..e9ca4d01 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.12.3.1 +FROM collabora/code:24.04.12.4.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 4e56d89ea66494f5efafdea21d809a98d863411a Mon Sep 17 00:00:00 2001 From: David Hund Date: Fri, 21 Feb 2025 16:29:57 +0100 Subject: [PATCH 0090/1064] fix: `pihole/pihole@latest` Web Admin interface See: https://github.com/nextcloud/all-in-one/discussions/6064 `pihole/pihole@latest` has been updated to `v6`, breaking the Web Admin interface at (http://192.168.x.x:8573/admin) (Pi-hole itself continues working fine, it seems) **Cause:** V6 replaced `lighttpd` with an *embedded webserver* and changed most `pi-hole.json` *environment variables*. **Fix:** This PR updates the environment variables to match the new v6 configuration. Stopping and starting the container will apply the changes and should fix the Web Admin interface. Signed-off-by: David Hund --- community-containers/pi-hole/pi-hole.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/community-containers/pi-hole/pi-hole.json b/community-containers/pi-hole/pi-hole.json index 0f2f397b..2cecb9ec 100644 --- a/community-containers/pi-hole/pi-hole.json +++ b/community-containers/pi-hole/pi-hole.json @@ -28,9 +28,9 @@ ], "environment": [ "TZ=%TIMEZONE%", - "WEBPASSWORD=%PIHOLE_WEBPASSWORD%", - "DNSMASQ_LISTENING=all", - "WEB_PORT=8573" + "FTLCONF_webserver_api_password=%PIHOLE_WEBPASSWORD%", + "FTLCONF_dns_listeningMode=all", + "FTLCONF_webserver_port=8573" ], "volumes": [ { From 68e278d651ee924422bd6c707c3691a145d0eb27 Mon Sep 17 00:00:00 2001 From: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> Date: Sat, 22 Feb 2025 17:11:43 -0500 Subject: [PATCH 0091/1064] Update readme.md Add mention of jellyseerr at the beginning Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com> --- community-containers/caddy/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 3c97c5b6..79d6935e 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,5 +1,5 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr by listening on `requests.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! From 1325393805449af6478379bb93c9dbffd18542ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 04:47:06 +0000 Subject: [PATCH 0092/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-27 to 1.4.2-28. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 3825d6c8..19ac5176 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-27 +FROM clamav/clamav:1.4.2-28 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From c509118457e5845bc4e66be1bb61150840fb815b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 04:47:11 +0000 Subject: [PATCH 0093/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.1.3-alpine to 3.1.5-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index bad6ea3e..79bd22ac 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.3-alpine +FROM haproxy:3.1.5-alpine # hadolint ignore=DL3002 USER root From 647c2ca93d138817aad655930cf4c84965f8e63b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 04:47:42 +0000 Subject: [PATCH 0094/1064] build(deps): bump postgres in /Containers/postgresql Bumps postgres from 16.7-alpine to 16.8-alpine. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/postgresql/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index a537d0a2..7abeaedb 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile -FROM postgres:16.7-alpine +FROM postgres:16.8-alpine COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 4837de43e051f98cb5eeb2cc1b3fe20cbfc22b67 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Feb 2025 10:23:24 +0100 Subject: [PATCH 0095/1064] remove `rel="noopener"` as it is implied by `target="_blank"` Signed-off-by: Simon L. --- app/templates/admin.php | 2 +- php/templates/containers.twig | 86 +++++++++---------- php/templates/includes/aio-config.twig | 18 ++-- php/templates/includes/backup-dirs.twig | 2 +- .../includes/optional-containers.twig | 12 +-- php/templates/login.twig | 2 +- php/templates/setup.twig | 2 +- 7 files changed, 62 insertions(+), 62 deletions(-) diff --git a/app/templates/admin.php b/app/templates/admin.php index 8256dfab..df675cad 100644 --- a/app/templates/admin.php +++ b/app/templates/admin.php @@ -11,6 +11,6 @@ declare(strict_types=1); /** @var array $_ */ ?> diff --git a/php/templates/containers.twig b/php/templates/containers.twig index cc038cf4..540f28fc 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -60,11 +60,11 @@ {% endfor %} {% if is_daily_backup_running == true %} -

Daily backup currently running. (Logs)

+

Daily backup currently running. (Logs)

{% if automatic_updates == true %}

This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.

{% if is_mastercontainer_update_available == true %} -

When the mastercontainer is updated it will restart, making it unavailable for a moment. (Logs)

+

When the mastercontainer is updated it will restart, making it unavailable for a moment. (Logs)

{% endif %} {% endif %} {% if has_update_available == false %} @@ -75,13 +75,13 @@

Reload ↻

If the daily backup is stuck somehow, you can unstick it by running sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running and afterwards reloading this interface.

{% elseif isWatchtowerRunning == true %} -

Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (Logs)

+

Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (Logs)

Reload ↻

{% else %} {% if is_backup_container_running == false and domain == "" %} {% if isDomaincheckRunning == false %}

Domaincheck container is not running

-

This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

+

This is not expected. Most likely this happened because port {{ apache_port }} is already in use on your server. You can check the mastercontainer logs and domaincheck container logs for further clues. You should be able to resolve this by adjusting the APACHE_PORT by following the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

{% elseif is_mastercontainer_update_available == true %}

Mastercontainer update

⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.

@@ -97,7 +97,7 @@ {{ include('includes/aio-config.twig') }}

New AIO instance

{% if apache_port == '443' %} -

AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

+

AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the reverse proxy documentation. Advice: have a detailed look at the changed docker run command for AIO.

{% else %}

AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.

{% endif %} @@ -115,14 +115,14 @@

Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.

Click here for further hints -

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

-

If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

-

If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

+

If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

+

If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

+

If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.

{% if apache_port != '443' %} -

If you run into issues with your domain being accepted, see these steps for how to debug things.

+

If you run into issues with your domain being accepted, see these steps for how to debug things.

{% endif %} -

Hint: If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following this documentation.

+

Hint: If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following this documentation.

{% endif %} @@ -134,11 +134,11 @@ {% if hasBackupLocation %} {% if borg_backup_mode in ['test', 'check'] %} {% if backup_exit_code > 0 %} -

Last {{ borg_backup_mode }} failed! (Logs)

+

Last {{ borg_backup_mode }} failed! (Logs)

{% if borg_backup_mode == 'test' %}

Please adjust the path and/or the encryption password in order to make it work!

{% elseif borg_backup_mode == 'check' %} -

The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following this documentation

+

The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following this documentation

Reveal repair option

Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

@@ -150,7 +150,7 @@
{% endif %} {% elseif backup_exit_code == 0 %} -

Last {{ borg_backup_mode }} successful! (Logs)

+

Last {{ borg_backup_mode }} successful! (Logs)

{% if borg_backup_mode == 'test' %}

Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.

@@ -160,7 +160,7 @@
{% endif %}

Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!

-

Please note: If the backup that you want to restore contained any community container, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

+

Please note: If the backup that you want to restore contained any community container, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

@@ -175,7 +175,7 @@ {% endif %} {% elseif borg_backup_mode == 'restore' %} {% if backup_exit_code > 0 %} -

Last restore failed! (Logs)

+

Last restore failed! (Logs)

The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!

{% endif %} {% endif %} @@ -191,7 +191,7 @@

Please enter the location of the backup archive on your host or a - remote borg repo url + remote borg repo url if stored remotely; and the encryption password of the backup archive below:

@@ -215,19 +215,19 @@ {% endif %} {% endif %}

How to reset the AIO instance?

-

If something should be going wrong, for example during the initial installation, you can reset the instance by following this documentation.

+

If something should be going wrong, for example during the initial installation, you can reset the instance by following this documentation.

{% endif %} {% if was_start_button_clicked == true %} {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %} -

You are running the {{ current_channel }} channel. (Logs)

+

You are running the {{ current_channel }} channel. (Logs)

{% else %}

No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.

{% endif %} {% endif %} {% if is_backup_container_running == true %} -

Backup container is currently running: {{ borg_backup_mode }} (Logs)

+

Backup container is currently running: {{ borg_backup_mode }} (Logs)

Reload ↻

{% endif %} @@ -245,9 +245,9 @@ {% else %}

Initial Nextcloud password: {{ nextcloud_password }}

{% endif %} -

Open your Nextcloud ↗

+

Open your Nextcloud ↗

{% if not hasBackupLocation %} -

If your Nextcloud does not open when clicking the button above, see this documentation

+

If your Nextcloud does not open when clicking the button above, see this documentation

{% endif %} {% else %} {% if isAnyRestarting == false %} @@ -278,9 +278,9 @@
  • {% if container.GetStartingState().value == 'starting' %} - {{ container.GetDisplayName() }} (Starting) + {{ container.GetDisplayName() }} (Starting) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -288,9 +288,9 @@ {% elseif container.GetRunningState().value == 'running' %} - {{ container.GetDisplayName() }} (Running) + {{ container.GetDisplayName() }} (Running) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -298,9 +298,9 @@ {% else %} - {{ container.GetDisplayName() }} (Stopped) + {{ container.GetDisplayName() }} (Stopped) {% if container.GetDocumentation() != '' %} - (docs) + (docs) {% endif %} {% if container.GetUiSecret() != '' %} (password: {{ container.GetUiSecret() }}) @@ -322,7 +322,7 @@ {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
    Note about Nextcloud Hub {{ newMajorVersion - 21 }} -

    If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

    +

    If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

    {% endif %} {% endif %} @@ -334,11 +334,11 @@ {% if is_mastercontainer_update_available == true %}

    ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to update the mastercontainer.

    {% if current_channel starts with 'latest' %} -

    You can find the changelog here

    +

    You can find the changelog here

    {% elseif current_channel starts with 'beta' %} -

    You can find the changelog here

    +

    You can find the changelog here

    {% elseif current_channel starts with 'develop' %} -

    You can find all changes here

    +

    You can find all changes here

    {% endif %} {% endif %} @@ -399,7 +399,7 @@

    Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.

    To store backups remotely instead, fill in the - remote borg repo url. + remote borg repo url.


    @@ -418,9 +418,9 @@ {% if is_backup_container_running == false %}

    Backup and restore

    {% if backup_exit_code > 0 %} -

    Last {{ borg_backup_mode }} failed! (Logs)

    +

    Last {{ borg_backup_mode }} failed! (Logs)

    {% if borg_backup_mode == "check" %} -

    The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following this documentation

    +

    The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following this documentation

    Reveal repair option

    Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

    @@ -452,9 +452,9 @@ {% endif %} {% elseif backup_exit_code == 0 %} {% if borg_backup_mode == "backup" %} -

    Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (Logs)

    +

    Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (Logs)

    {% else %} -

    Last {{ borg_backup_mode }} successful! (Logs)

    +

    Last {{ borg_backup_mode }} successful! (Logs)

    {% endif %} {% endif %} {% endif %} @@ -468,7 +468,7 @@

    This is your encryption password for backups: {{ borgbackup_password }}

    Please save this password in a safe place. You won't be able to restore from backup if you lose this password!

    All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.

    -

    The backup uses a tool called BorgBackup, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.

    +

    The backup uses a tool called BorgBackup, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.

    By using this tool, backups are incremental, differential, compressed and encrypted – so only the first backup will take a while. Further backups should be fast as only changes are taken into account.

    {% if borg_remote_repo != '' %}

    @@ -482,9 +482,9 @@

    Backups will be created in the following directory on the host: {{ borg_backup_host_location }}/borg

    {% endif %}

    Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.

    -

    For information about backup retention, see this.

    +

    For information about backup retention, see this.

    Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.

    -

    For further documentation and options on this backup solution refer to this section and below.

    +

    For further documentation and options on this backup solution refer to this section and below.

    {% if isApacheStarting != true %}

    Backup creation

    @@ -514,7 +514,7 @@ {% if has_backup_run_once == true %}

    Backup Viewer

    -

    There is now a community container that allows to access your backups in a web session. See this documentation.

    +

    There is now a community container that allows to access your backups in a web session. See this documentation.

    Backup check

    Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.

    @@ -571,7 +571,7 @@

    Each line and entry needs to start with a slash or letter/digit. Only a-z, A-Z, ., 0-9, _, -, and / are allowed. If the entry begins with a letter/digit slashes are not supported. Two valid entries are /directory/on/the/host and my_custom_docker_volume. You need to make sure that all given directories exist or the backup container will fail to start!

    -

    Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing / as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see this documentation

    +

    Be sure to individually specify all storage that you want to back up as storage will not be mounted recursively. E.g. providing / as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. If you want to back up the root partition you should make sure to stop all services before the backup so it can run correctly. For automating this see this documentation

    Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually.

    {% if additional_backup_directories != "" %}

    This option is currently set. You can disable it again by clearing the field and submitting your changes.

    @@ -598,7 +598,7 @@ -

    The new passphrase needs to be at least 24 characters long. Allowed characters are the latin characters a-z, A-Z, 0-9 and spaces.

    +

    The new passphrase needs to be at least 24 characters long. Allowed characters are the latin characters a-z, A-Z, 0-9 and spaces.

    {% endif %} {% endif %} @@ -623,7 +623,7 @@ -

    You need to make sure that the timezone that you enter is valid. An example is Europe/Berlin. You can get valid values by looking at the 'TZ identifier' column of this list: click here. The default is Etc/UTC if nothing is entered.

    +

    You need to make sure that the timezone that you enter is valid. An example is Europe/Berlin. You can get valid values by looking at the 'TZ identifier' column of this list: click here. The default is Etc/UTC if nothing is entered.

    {% else %}

    The timezone for Nextcloud is currently set to {{ timezone }}. You can change the timezone by clicking on the button below.

    diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig index 7535ad93..981d7997 100644 --- a/php/templates/includes/aio-config.twig +++ b/php/templates/includes/aio-config.twig @@ -1,8 +1,8 @@
    Click here to view the current AIO config and documentation links {% if was_start_button_clicked == true %} -

    Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the config.php documentation.

    -

    You can run Nextcloud's usual occ commands by following the occ documentation.

    +

    Nextcloud's config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can be edited by following the config.php documentation.

    +

    You can run Nextcloud's usual occ commands by following the occ documentation.

    {% endif %}

    @@ -11,7 +11,7 @@ {% else %} Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume. {% endif %} - See the NEXTCLOUD_DATADIR documentation on how to change this. + See the NEXTCLOUD_DATADIR documentation on how to change this.

    @@ -20,13 +20,13 @@ {% else %} The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled. {% endif %} - See the NEXTCLOUD_MOUNT documentation on how to change this.

    + See the NEXTCLOUD_MOUNT documentation on how to change this.

    -

    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the NEXTCLOUD_UPLOAD_LIMIT documentation on how to change this.

    +

    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the NEXTCLOUD_UPLOAD_LIMIT documentation on how to change this.

    -

    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the NEXTCLOUD_MEMORY_LIMIT documentation on how to change this.

    +

    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the NEXTCLOUD_MEMORY_LIMIT documentation on how to change this.

    -

    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the NEXTCLOUD_MAX_TIME documentation on how to change this.

    +

    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the NEXTCLOUD_MAX_TIME documentation on how to change this.

    {% if is_dri_device_enabled == true and is_nvidia_gpu_enabled == true %} @@ -38,7 +38,7 @@ {% else %} Hardware acceleration is not enabled. It's recommended to enable hardware transcoding for better performance. {% endif %} - See the hardware acceleration documentation on how to change this.

    + See the hardware acceleration documentation on how to change this.

    -

    For further documentation on AIO, refer to this page. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found here.

    +

    For further documentation on AIO, refer to this page. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found here.

    diff --git a/php/templates/includes/backup-dirs.twig b/php/templates/includes/backup-dirs.twig index 85ff877a..390bf69c 100644 --- a/php/templates/includes/backup-dirs.twig +++ b/php/templates/includes/backup-dirs.twig @@ -3,4 +3,4 @@

    On Synology it could be /volume1/docker/nextcloud/backup.

    For macOS it may be /var/backup.

    On Windows it might be /run/desktop/mnt/host/c/backup. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.) ⚠️ Please note: This does not work with external drives like USB or network drives and only with internal drives like SATA or NVME drives.

    -

    Another option is to enter a specific volume name here: nextcloud_aio_backupdir. This volume needs to be created beforehand manually by you in order to be able to use it. See this documentation for an example.

    +

    Another option is to enter a specific volume name here: nextcloud_aio_backupdir. This volume needs to be created beforehand manually by you in order to be able to use it. See this documentation for an example.

    diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index c218f8ee..60efcc5e 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -1,5 +1,5 @@

    Optional containers

    -

    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See this documentation how to add them.

    +

    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See this documentation how to add them.

    {% if isAnyRunning == true %}

    Please note: You can enable or disable the options below only when your containers are stopped.

    {% else %} @@ -50,7 +50,7 @@ {% endif %} >
    • diff --git a/php/templates/setup.twig b/php/templates/setup.twig index b4761425..ac8063a2 100644 --- a/php/templates/setup.twig +++ b/php/templates/setup.twig @@ -11,6 +11,6 @@

    The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.

    ⚠️ Please note down the passphrase to access the AIO interface and don't lose it!

    Passphrase
    {{ password }}
    - Open Nextcloud AIO login ↗ + Open Nextcloud AIO login ↗
    {% endblock %} From d74b0da0ee3b8bc9bc42f712a58c2685b4d2ee0f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 25 Feb 2025 12:59:30 +0000 Subject: [PATCH 0096/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 4 +++- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 16 insertions(+), 14 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 3931dc76..a66038f9 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.5.0 +version: 10.6.1 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 782ba09b..df7a6f0b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: nextcloud/aio-apache:20250204_102259 + image: nextcloud/aio-apache:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 8beccf20..ef33fcce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20250204_102259 + image: nextcloud/aio-clamav:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 7c6341de..f9efa705 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -34,7 +34,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20250204_102259 + image: nextcloud/aio-collabora:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index f27bac21..7ff15db8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20250204_102259 + image: nextcloud/aio-postgresql:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index ab8ba44a..8a7f661b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20250204_102259 + image: nextcloud/aio-fulltextsearch:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 302ed3b6..0ba476bf 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20250204_102259 + image: nextcloud/aio-imaginary:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index fbbb6fb2..d07960e3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -180,7 +180,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: nextcloud/aio-nextcloud:20250204_102259 + image: nextcloud/aio-nextcloud:20250225_125724 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 2089d5bb..2121d95c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -53,7 +53,9 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" - image: nextcloud/aio-notify-push:20250204_102259 + - name: TZ + value: "{{ .Values.TIMEZONE }}" + image: nextcloud/aio-notify-push:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c10aed88..7ef6cc79 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20250204_102259 + image: nextcloud/aio-onlyoffice:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 0b338e86..72346b86 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20250204_102259 + image: nextcloud/aio-redis:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 64a71bf6..ac514adc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20250204_102259 + image: nextcloud/aio-talk:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 24a866ad..b34b3f71 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20250204_102259 + image: nextcloud/aio-talk-recording:20250225_125724 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index f72b98a1..49f0e836 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-whiteboard:20250204_102259 + image: nextcloud/aio-whiteboard:20250225_125724 readinessProbe: exec: command: From 2631b3922a966bcc2e538bca509567cfe7de05d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Feb 2025 04:16:07 +0000 Subject: [PATCH 0097/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.10.25-scratch to 2.10.26-scratch. --- updated-dependencies: - dependency-name: nats dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index e050e926..2b3045b6 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.10.25-scratch AS nats +FROM nats:2.10.26-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 6764b03eebde9311bbe0a2d18b48815d11821f5e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 26 Feb 2025 12:03:08 +0000 Subject: [PATCH 0098/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 1cce5d4a..8bd74ba9 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2699,16 +2699,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.0.2", + "version": "2.1.0", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e" + "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/51087f87dcce2663e1fed4dfd4e56eccd580297e", - "reference": "51087f87dcce2663e1fed4dfd4e56eccd580297e", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68", + "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68", "shasum": "" }, "require": { @@ -2740,9 +2740,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.0.2" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.1.0" }, - "time": "2025-02-17T20:25:51+00:00" + "time": "2025-02-19T13:28:12+00:00" }, { "name": "sebastian/diff", From 147630df6d1529ca507de3365197341039091aa9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Feb 2025 13:33:37 +0100 Subject: [PATCH 0099/1064] make readme better readable by adjusting links Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 79d6935e..d6e63e41 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,15 +1,15 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr by listening on `requests.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb. -- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr. +- If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. +- If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. +- If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. +- If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap. +- If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb. +- If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack From 4e84080f568d45eb10afd4708dce4b80dbc22928 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Feb 2025 14:30:55 +0100 Subject: [PATCH 0100/1064] collabora: allow to configure additional options Signed-off-by: Simon L. --- manual-install/latest.yml | 3 +- manual-install/sample.conf | 2 +- manual-install/update-yaml.sh | 8 +++++ .../nextcloud-aio-collabora-deployment.yaml | 5 +-- nextcloud-aio-helm-chart/update-helm.sh | 6 ++++ nextcloud-aio-helm-chart/values.yaml | 2 +- php/public/index.php | 1 + .../Controller/ConfigurationController.php | 9 +++++ php/src/Data/ConfigurationManager.php | 36 +++++++++++++++++++ php/src/Docker/DockerActionManager.php | 5 +++ .../includes/optional-containers.twig | 22 ++++++++++++ 11 files changed, 94 insertions(+), 5 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 17bf7ad6..c16aee79 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -239,6 +239,7 @@ services: - NET_RAW nextcloud-aio-collabora: + command: ${ADDITIONAL_COLLABORA_OPTIONS} image: nextcloud/aio-collabora:latest init: true healthcheck: @@ -252,7 +253,7 @@ services: - "9980" environment: - aliasgroup1=https://${NC_DOMAIN}:443 - - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} - server_name=${NC_DOMAIN} diff --git a/manual-install/sample.conf b/manual-install/sample.conf index de7dd709..9ee01ab1 100644 --- a/manual-install/sample.conf +++ b/manual-install/sample.conf @@ -24,8 +24,8 @@ WHITEBOARD_ENABLED="no" # Setting this to "yes" (with quotes) enables t APACHE_IP_BINDING=0.0.0.0 # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect APACHE_MAX_SIZE=17179869184 # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT APACHE_PORT=443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). +ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax. COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora -COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M" # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR=no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index 5a4af271..dc5e13f1 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -37,6 +37,7 @@ cd manual-install || exit sed -i "s|'||g" containers.yml sed -i '/display_name:/d' containers.yml sed -i '/THIS_IS_AIO/d' containers.yml +sed -i "s|%COLLABORA_SECCOMP_POLICY% ||g" containers.yml sed -i '/stop_grace_period:/s/$/s/' containers.yml sed -i '/: \[\]/d' containers.yml sed -i 's|- source: |- |' containers.yml @@ -129,6 +130,13 @@ echo "$OUTPUT" > containers.yml sed -i '/container_name/d' containers.yml sed -i 's|^ $||' containers.yml +# Additional config for collabora +cat << EOL > /tmp/additional-collabora.config + command: \${ADDITIONAL_COLLABORA_OPTIONS} +EOL +sed -i "/^ nextcloud-aio-collabora:/r /tmp/additional-collabora.config" containers.yml +sed -i "/^COLLABORA_DICTIONARIES.*/i ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax." sample.conf + VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)" mapfile -t VOLUMES <<< "$VOLUMES" echo "" >> containers.yml diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index f9efa705..ba8cb36a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -21,7 +21,8 @@ spec: io.kompose.service: nextcloud-aio-collabora spec: containers: - - env: + - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default [] }} + env: - name: DONT_GEN_SSL_CERT value: "1" - name: TZ @@ -31,7 +32,7 @@ spec: - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params - value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" image: nextcloud/aio-collabora:20250225_125724 diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 6f54d824..6eb92c83 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -42,6 +42,7 @@ sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml +sed -i "s|\${ADDITIONAL_COLLABORA_OPTIONS}|ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER|" latest.yml sed -i "/name: nextcloud-aio/,$ d" latest.yml sed -i "/NEXTCLOUD_DATADIR/d" latest.yml sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml @@ -467,6 +468,11 @@ EOL # shellcheck disable=SC1083 find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^ securityContext:$/r /tmp/security.conf" \{} \; +# shellcheck disable=SC1083 +find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \; +# shellcheck disable=SC1083 +find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS \}\}/" \{} \; + cat << EOL > /tmp/security.conf # The items below only work in container context allowPrivilegeEscalation: false diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index bbf597f3..f0897240 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -23,8 +23,8 @@ WHITEBOARD_ENABLED: "no" # Setting this to "yes" (with quotes) enables APACHE_MAX_SIZE: "17179869184" # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT APACHE_PORT: 443 # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). +ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true'] # You can add additional collabora options here by using the array syntax. COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru # You can change this in order to enable other dictionaries for collabora -COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true # Changing the value to false allows to disable the seccomp feature of the Collabora container. FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M # Allows to adjust the fulltextsearch java options. INSTALL_LATEST_MAJOR: no # Setting this to yes will install the latest Major Nextcloud version upon the first installation NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. diff --git a/php/public/index.php b/php/public/index.php index e5823cb4..5e5c1896 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -114,6 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(), 'talk_port' => $configurationManager->GetTalkPort(), 'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(), + 'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(), 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(), diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 67463ab1..561334c8 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -134,6 +134,15 @@ readonly class ConfigurationController { $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries); } + if (isset($request->getParsedBody()['delete_collabora_additional_options'])) { + $this->configurationManager->DeleteAdditionalCollaboraOptions(); + } + + if (isset($request->getParsedBody()['collabora_additional_options'])) { + $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? ''; + $this->configurationManager->SetAdditionalCollaboraOptions($additionalCollaboraOptions); + } + if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { $this->configurationManager->DeleteBorgBackupLocationVars(); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d8c0c8ec..2c0b79a8 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -950,6 +950,42 @@ class ConfigurationManager $this->WriteConfig($config); } + /** + * @throws InvalidSettingConfigurationException + */ + public function SetAdditionalCollaboraOptions(string $additionalCollaboraOptions) : void { + if ($additionalCollaboraOptions === "") { + throw new InvalidSettingConfigurationException("The additional options must not be empty!"); + } + + if (!preg_match("#^--o:#", $additionalCollaboraOptions)) { + throw new InvalidSettingConfigurationException("The entered options must start with '--o:'. So the config does not seem to be a valid!"); + } + + $config = $this->GetConfig(); + $config['collabora_additional_options'] = $additionalCollaboraOptions; + $this->WriteConfig($config); + } + + public function GetAdditionalCollaboraOptions() : string { + $config = $this->GetConfig(); + if(!isset($config['collabora_additional_options'])) { + $config['collabora_additional_options'] = ''; + } + + return $config['collabora_additional_options']; + } + + public function GetAdditionalCollaboraOptionsArray() : array { + return explode(' ', $this->GetAdditionalCollaboraOptions()); + } + + public function DeleteAdditionalCollaboraOptions() : void { + $config = $this->GetConfig(); + $config['collabora_additional_options'] = ''; + $this->WriteConfig($config); + } + public function GetApacheAdditionalNetwork() : string { $envVariableName = 'APACHE_ADDITIONAL_NETWORK'; $configName = 'apache_additional_network'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a22b2efb..d3eace3d 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -578,6 +578,11 @@ readonly class DockerActionManager { // Special things for the caddy community container } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') { $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway']; + // Special things for the collabora container which should not be exposed in the containers.json + } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') { + if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') { + $requestBody['HostConfig']['Config']['Cmd'] = $this->configurationManager->GetAdditionalCollaboraOptionsArray(); + } } if (count($mounts) > 0) { diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 60efcc5e..5b00a769 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -181,4 +181,26 @@ {% endif %} + +

    Additional Collabora options

    + + {% if collabora_additional_options == "" %} +

    You can configure additional options for collabora below.

    +

    (This can be used for configuring the net.content_security_policy and more)

    +
    + + + + +
    +

    You need to make sure that the options that you enter are valid. An example is --o:net.content_security_policy="frame-ancestors *.example.com:*;".

    + {% else %} +

    The additioinal options for Collabora are currently set to {{ collabora_additional_options }}. You can reset them again by clicking on the button below.

    +
    + + + + +
    + {% endif %} {% endif %} From 1759f14c376a2c4d3b8f148e068d8aeae99580ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Feb 2025 04:41:43 +0000 Subject: [PATCH 0101/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 27.5.1-cli to 28.0.1-cli. --- updated-dependencies: - dependency-name: docker dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c7da9741..6379ba85 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:27.5.1-cli AS docker +FROM docker:28.0.1-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy From d01dc6ad8ad77549bfba2f683effbdca0d86e42a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 27 Feb 2025 11:42:44 +0100 Subject: [PATCH 0102/1064] address review Signed-off-by: Simon L. --- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index ba8cb36a..64e1347a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -21,7 +21,7 @@ spec: io.kompose.service: nextcloud-aio-collabora spec: containers: - - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default [] }} + - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }} env: - name: DONT_GEN_SSL_CERT value: "1" diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 6eb92c83..3c976773 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -471,7 +471,7 @@ find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployme # shellcheck disable=SC1083 find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \; # shellcheck disable=SC1083 -find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS \}\}/" \{} \; +find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson \}\}/" \{} \; cat << EOL > /tmp/security.conf # The items below only work in container context From 7e3b07e7820f66ab0a8c4159227fb179c828badd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Feb 2025 14:29:40 +0100 Subject: [PATCH 0103/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 3289e1b1..321cf5b4 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.3.0.1 +FROM onlyoffice/documentserver:8.3.1.1 # USER root is probably used From 91aeae98254258750479d009e7a339eaa2312ef8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Feb 2025 14:30:25 +0100 Subject: [PATCH 0104/1064] increase to 10.7.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 0a6b1452..6f007751 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.6.1

    +

    Nextcloud AIO v10.7.0

    {# Add 2nd tab warning #} From ace709c485e13bddc0bfd14328b75a23b8b4515b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Feb 2025 14:46:12 +0100 Subject: [PATCH 0105/1064] aio-interface: fix broken link Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 6f007751..1124c51a 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -484,7 +484,7 @@

    Be aware that this solution does not backup files and folders that are mounted into Nextcloud using the external storage app, but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.

    For information about backup retention, see this.

    Daily backups can be enabled after the initial backup is done. Enabling this also allows you to enable an option to update all containers, Nextcloud, and its apps automatically.

    -

    For further documentation and options on this backup solution refer to this section and below.

    +

    For further documentation and options on this backup solution refer to this section and below.

    {% if isApacheStarting != true %}

    Backup creation

    From 68ffa35d6f151499132b163153a47542f1924b86 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Feb 2025 14:49:35 +0100 Subject: [PATCH 0106/1064] Enable whiteboard by default Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2c0b79a8..038e9e10 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -170,10 +170,10 @@ class ConfigurationManager public function isWhiteboardEnabled() : bool { $config = $this->GetConfig(); - if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 1) { - return true; - } else { + if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) { return false; + } else { + return true; } } From de053c9b7d5fd38ff50ab67c17ee1abdef47df84 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Feb 2025 15:14:22 +0100 Subject: [PATCH 0107/1064] DockerActionManager: fix setting CMD options for collabora Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 4 ---- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 038e9e10..60a95761 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -976,10 +976,6 @@ class ConfigurationManager return $config['collabora_additional_options']; } - public function GetAdditionalCollaboraOptionsArray() : array { - return explode(' ', $this->GetAdditionalCollaboraOptions()); - } - public function DeleteAdditionalCollaboraOptions() : void { $config = $this->GetConfig(); $config['collabora_additional_options'] = ''; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index d3eace3d..48903d54 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -581,7 +581,7 @@ readonly class DockerActionManager { // Special things for the collabora container which should not be exposed in the containers.json } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') { if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') { - $requestBody['HostConfig']['Config']['Cmd'] = $this->configurationManager->GetAdditionalCollaboraOptionsArray(); + $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()]; } } From 0e88a15edb51990340322bca6146b05789350309 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sat, 1 Mar 2025 20:57:21 +0100 Subject: [PATCH 0108/1064] Add container state component for improved status display and hide password by default Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/templates/components/container-state.twig | 23 +++++++++++++ php/templates/containers.twig | 34 +------------------ 2 files changed, 24 insertions(+), 33 deletions(-) create mode 100644 php/templates/components/container-state.twig diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig new file mode 100644 index 00000000..cdf70016 --- /dev/null +++ b/php/templates/components/container-state.twig @@ -0,0 +1,23 @@ +{# @var c \App\Containers\Container #} +
  • + {% if c.GetStartingState().value == 'starting' %} + + {% elseif c.GetRunningState().value == 'running' %} + + {% else %} + + {% endif %} + + {{ c.GetDisplayName() }} + (Stopped) + {% if c.GetDocumentation() != '' %} + (docs) + {% endif %} + + {% if c.GetUiSecret() != '' %} +
    + Show password +

    {{ c.GetUiSecret() }}

    +
    + {% endif %} +
    • \ No newline at end of file diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 1124c51a..96687dac 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -275,39 +275,7 @@ {# @var containers \AIO\Container\Container[] #} {% for container in containers %} {% if container.GetDisplayName() != '' %} -
  • - {% if container.GetStartingState().value == 'starting' %} - - {{ container.GetDisplayName() }} (Starting) - {% if container.GetDocumentation() != '' %} - (docs) - {% endif %} - {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }}) - {% endif %} - - {% elseif container.GetRunningState().value == 'running' %} - - {{ container.GetDisplayName() }} (Running) - {% if container.GetDocumentation() != '' %} - (docs) - {% endif %} - {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }}) - {% endif %} - - {% else %} - - {{ container.GetDisplayName() }} (Stopped) - {% if container.GetDocumentation() != '' %} - (docs) - {% endif %} - {% if container.GetUiSecret() != '' %} - (password: {{ container.GetUiSecret() }}) - {% endif %} - - {% endif %} -
    • + {% include 'components/container-state.twig' with {'c': container} only %} {% endif %} {% endfor %} From bf4636e8d636da72be047d7cd888e420512f78af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Mar 2025 05:07:02 +0000 Subject: [PATCH 0109/1064] build(deps): bump clamav/clamav in /Containers/clamav Bumps clamav/clamav from 1.4.2-28 to 1.4.2-29. --- updated-dependencies: - dependency-name: clamav/clamav dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 19ac5176..22227b71 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-28 +FROM clamav/clamav:1.4.2-29 COPY clamav.conf /clamav.conf COPY --chmod=775 start.script /start.script From a7861f2dca405e6787fcdbab24789ee4b90dd663 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Mar 2025 04:16:08 +0000 Subject: [PATCH 0110/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.12.4.1 to 24.04.13.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index e9ca4d01..c4d76b3b 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.12.4.1 +FROM collabora/code:24.04.13.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 4893a0dfc1c70c1ddea33d08086228df03ea9324 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Mar 2025 04:59:57 +0000 Subject: [PATCH 0111/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.17.2 to 8.17.3. --- updated-dependencies: - dependency-name: elasticsearch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 96da0281..8cdaef6a 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.17.2 +FROM elasticsearch:8.17.3 USER root From 0a4eac4d4b68947b9347bd21694f4e0d27eba892 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Mar 2025 05:00:04 +0000 Subject: [PATCH 0112/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.0-alpine3.21 to 1.24.1-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index dfa97d11..9d2fd11d 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.0-alpine3.21 AS go +FROM golang:1.24.1-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From c2ac5c64d61f282662fe81b97f52091c1305fce2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 5 Mar 2025 11:21:32 +0100 Subject: [PATCH 0113/1064] helm-chart: add docs that ingress is not built-in Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md index 061a7073..edf6c779 100755 --- a/nextcloud-aio-helm-chart/readme.md +++ b/nextcloud-aio-helm-chart/readme.md @@ -3,6 +3,9 @@ > [!NOTE] > For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/). +> [!IMPORTANT] +> This Helm-Chart is not intended to be used with Ingress as it handles TLS itself via the built-in apache container and exposes a Loadbalancer port itself on the Cluster. See the [apache service](https://github.com/nextcloud/all-in-one/blob/main/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml). However if the Cluster is used behind NAT, you can adjust `APACHE_PORT` to a different one than 443 and do the TLS offloading on an external Reverse Proxy that forwards the traffic to the configured port via http. If you really need the Ingress feature, please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/) as we offer an enterprise-ready and scalable deployment method based on Helm Charts that also allows Ingress to be used. + You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below. ### Advantages From 88127f607b1f90315e63316240f4a2ecf453a003 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 5 Mar 2025 12:03:06 +0000 Subject: [PATCH 0114/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 8bd74ba9..6d56b219 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -557,16 +557,16 @@ }, { "name": "php-di/php-di", - "version": "7.0.8", + "version": "7.0.9", "source": { "type": "git", "url": "https://github.com/PHP-DI/PHP-DI.git", - "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a" + "reference": "d8480267f5cf239650debba704f3ecd15b638cde" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/98ddc81f8f768a2ad39e4cbe737285eaeabe577a", - "reference": "98ddc81f8f768a2ad39e4cbe737285eaeabe577a", + "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d8480267f5cf239650debba704f3ecd15b638cde", + "reference": "d8480267f5cf239650debba704f3ecd15b638cde", "shasum": "" }, "require": { @@ -583,7 +583,7 @@ "friendsofphp/proxy-manager-lts": "^1", "mnapoli/phpunit-easymock": "^1.3", "phpunit/phpunit": "^9.6", - "vimeo/psalm": "^4.6" + "vimeo/psalm": "^5|^6" }, "suggest": { "friendsofphp/proxy-manager-lts": "Install it if you want to use lazy injection (version ^1)" @@ -614,7 +614,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/PHP-DI/issues", - "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.8" + "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.9" }, "funding": [ { @@ -626,7 +626,7 @@ "type": "tidelift" } ], - "time": "2025-01-28T21:02:46+00:00" + "time": "2025-02-28T12:46:35+00:00" }, { "name": "php-di/slim-bridge", From f55ef08c7333b97e713a6ed775aa9a325fccdafa Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 5 Mar 2025 12:04:12 +0000 Subject: [PATCH 0115/1064] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 2b3045b6..5058d449 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus -ARG JANUS_VERSION=v1.3.0 +ARG JANUS_VERSION=v1.3.1 WORKDIR /src RUN set -ex; \ apk add --no-cache \ From a03622ce0a5ccc542532c7cc33d350d73fea0db5 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 6 Mar 2025 09:37:11 +0000 Subject: [PATCH 0116/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index a66038f9..a1bdc687 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.6.1 +version: 10.7.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index df7a6f0b..8c67e748 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: nextcloud/aio-apache:20250225_125724 + image: nextcloud/aio-apache:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index ef33fcce..8ed76d31 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20250225_125724 + image: nextcloud/aio-clamav:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 64e1347a..08140b21 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20250225_125724 + image: nextcloud/aio-collabora:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 7ff15db8..b96ddbb1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20250225_125724 + image: nextcloud/aio-postgresql:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 8a7f661b..3df053ec 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20250225_125724 + image: nextcloud/aio-fulltextsearch:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 0ba476bf..ed389199 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20250225_125724 + image: nextcloud/aio-imaginary:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index d07960e3..d2bd1318 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -180,7 +180,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: nextcloud/aio-nextcloud:20250225_125724 + image: nextcloud/aio-nextcloud:20250306_093458 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 2121d95c..baab420b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-notify-push:20250225_125724 + image: nextcloud/aio-notify-push:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 7ef6cc79..c04fd568 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20250225_125724 + image: nextcloud/aio-onlyoffice:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 72346b86..e7a757fb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20250225_125724 + image: nextcloud/aio-redis:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index ac514adc..e379d8f2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20250225_125724 + image: nextcloud/aio-talk:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index b34b3f71..920cae8c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20250225_125724 + image: nextcloud/aio-talk-recording:20250306_093458 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 49f0e836..c6b25598 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-whiteboard:20250225_125724 + image: nextcloud/aio-whiteboard:20250306_093458 readinessProbe: exec: command: From 0615fe22504ae47178d49ee9f20a684551cbf40e Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Thu, 6 Mar 2025 12:40:10 +0100 Subject: [PATCH 0117/1064] fix: handle custom database users in the notify_push container Signed-off-by: Richard Steinmetz --- Containers/notify-push/start.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index eda094d1..d93be21c 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -60,8 +60,13 @@ elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then exit 1 fi +# Use the correct Postgres username +if [ "$POSTGRES_USER" = nextcloud ]; then + POSTGRES_USER="oc_$POSTGRES_USER" +fi + # Set sensitive values as env -export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" +export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it From 30b9a05263d44eac0bdc0310df5cfe392447237f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 14:00:17 +0100 Subject: [PATCH 0118/1064] adjust detail Signed-off-by: Simon L. --- Containers/notify-push/start.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index d93be21c..e1bbf974 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -63,6 +63,7 @@ fi # Use the correct Postgres username if [ "$POSTGRES_USER" = nextcloud ]; then POSTGRES_USER="oc_$POSTGRES_USER" + export POSTGRES_USER fi # Set sensitive values as env From 06b31c5680d1204e4c6c142deb21e84fee3e27bb Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 6 Mar 2025 15:54:53 +0100 Subject: [PATCH 0119/1064] Update php/templates/components/container-state.twig Co-authored-by: Simon L. Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/templates/components/container-state.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig index cdf70016..a79db31e 100644 --- a/php/templates/components/container-state.twig +++ b/php/templates/components/container-state.twig @@ -16,7 +16,7 @@ {% if c.GetUiSecret() != '' %}
    - Show password + Show password for {{ c.GetDisplayName() }}

    {{ c.GetUiSecret() }}

    {% endif %} From e6bf224a9a38c704c1136f470d220cc51c0ca468 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 6 Mar 2025 16:00:39 +0100 Subject: [PATCH 0120/1064] Fix request Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/templates/components/container-state.twig | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig index a79db31e..8bc8c559 100644 --- a/php/templates/components/container-state.twig +++ b/php/templates/components/container-state.twig @@ -1,15 +1,19 @@ {# @var c \App\Containers\Container #}
  • - {% if c.GetStartingState().value == 'starting' %} - - {% elseif c.GetRunningState().value == 'running' %} - - {% else %} - - {% endif %} - {{ c.GetDisplayName() }} - (Stopped) + {% if c.GetRunningState().value == 'running' %} + + {{ c.GetDisplayName() }} + (Running) + {% elseif c.GetStartingState().value == 'starting' %} + + {{ c.GetDisplayName() }} + (Starting) + {% else %} + + {{ c.GetDisplayName() }} + (Stopped) + {% endif %} {% if c.GetDocumentation() != '' %} (docs) {% endif %} @@ -17,7 +21,7 @@ {% if c.GetUiSecret() != '' %}
    Show password for {{ c.GetDisplayName() }} -

    {{ c.GetUiSecret() }}

    +
    {% endif %}
    • \ No newline at end of file From 9e95d966569b8b2b3e9c2d4db28e2fb900fbb56c Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 6 Mar 2025 16:00:53 +0100 Subject: [PATCH 0121/1064] Merge pull request #6094 from nextcloud/clamav-alpine-aarch64 clamav: build the container also for aarch64/arm64 by using the alpine package --- Containers/clamav/Dockerfile | 37 +++++++++---------- Containers/clamav/clamav.conf | 5 --- Containers/clamav/healthcheck.sh | 9 +++++ Containers/clamav/start.script | 4 -- Containers/clamav/start.sh | 5 +++ Containers/clamav/supervisord.conf | 21 +++++++++++ Containers/whiteboard/Dockerfile | 3 +- manual-install/readme.md | 6 +-- manual-install/update-yaml.sh | 2 +- php/containers.json | 11 +++--- php/public/index.php | 1 - php/src/Data/ConfigurationManager.php | 8 +--- .../includes/optional-containers.twig | 6 +-- readme.md | 2 +- 14 files changed, 69 insertions(+), 51 deletions(-) delete mode 100644 Containers/clamav/clamav.conf create mode 100644 Containers/clamav/healthcheck.sh delete mode 100644 Containers/clamav/start.script create mode 100644 Containers/clamav/start.sh create mode 100644 Containers/clamav/supervisord.conf diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 22227b71..9f86f5f9 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,28 +1,25 @@ # syntax=docker/dockerfile:latest -# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile -FROM clamav/clamav:1.4.2-29 - -COPY clamav.conf /clamav.conf -COPY --chmod=775 start.script /start.script +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache tzdata bash; \ - mkdir -p /var/run/clamav /run/lock; \ - chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \ - chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \ - sed -i "/^set -eu/r /start.script" /init-unprivileged; \ - rm /start.script; \ - grep -q 'clamd --foreground &' /init-unprivileged; \ - sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \ - cat /init-unprivileged + apk add --no-cache tzdata clamav supervisord; \ + mkdir /run/clamav; \ + chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ + sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ + freshclam --foreground --stdout -VOLUME /var/lib/clamav +COPY --chmod=775 start.sh /start.sh +COPY --chmod=775 healthcheck.sh /healthcheck.sh +COPY --chmod=664 supervisord.conf /supervisord.conf USER 100 - +VOLUME /var/lib/clamav +ENTRYPOINT ["/start.sh"] +CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] LABEL com.centurylinklabs.watchtower.enable="false" - -HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh - -ENTRYPOINT ["/init-unprivileged"] +HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh diff --git a/Containers/clamav/clamav.conf b/Containers/clamav/clamav.conf deleted file mode 100644 index b32636ba..00000000 --- a/Containers/clamav/clamav.conf +++ /dev/null @@ -1,5 +0,0 @@ -# AIO settings -MaxDirectoryRecursion 30 -MaxFileSize 16G -PCREMaxFileSize 16G -StreamMaxLength 16G diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh new file mode 100644 index 00000000..cef67500 --- /dev/null +++ b/Containers/clamav/healthcheck.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env sh + +if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then + echo "ERROR: Unable to contact server" + exit 1 +fi + +echo "Clamd is up" +exit 0 diff --git a/Containers/clamav/start.script b/Containers/clamav/start.script deleted file mode 100644 index da228462..00000000 --- a/Containers/clamav/start.script +++ /dev/null @@ -1,4 +0,0 @@ -# Adjust settings -cat /etc/clamav/clamd.conf > /tmp/clamd.conf -CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)" -echo "$CLAMAV_FILE" >> /tmp/clamd.conf diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh new file mode 100644 index 00000000..fb7c8bd8 --- /dev/null +++ b/Containers/clamav/start.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env sh + +sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf + +exec "$@" diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf new file mode 100644 index 00000000..a5475bce --- /dev/null +++ b/Containers/clamav/supervisord.conf @@ -0,0 +1,21 @@ +[supervisord] +nodaemon=true +nodaemon=true +logfile=/var/log/supervisord/supervisord.log +pidfile=/var/run/supervisord/supervisord.pid +childlogdir=/var/log/supervisord/ +logfile_maxbytes=50MB +logfile_backups=10 +loglevel=error + +[program:freshclam] +stdout_logfile=NONE +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=freshclam --foreground --stdout --daemon + +[program:clamd] +stdout_logfile=NONE +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=clamd --foreground --config-file=/tmp/clamd.conf diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 1000ecbb..c208a403 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -5,7 +5,8 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5 USER root RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache bash + apk add --no-cache bash; \ + chmod 777 -R /tmp USER 65534 COPY --chmod=775 start.sh /start.sh diff --git a/manual-install/readme.md b/manual-install/readme.md index 9bf34c9c..874a5b4b 100644 --- a/manual-install/readme.md +++ b/manual-install/readme.md @@ -24,7 +24,7 @@ First, install docker and docker-compose (v2) if not already done. Then simply r git clone https://github.com/nextcloud/all-in-one.git cd all-in-one/manual-install ``` -Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
    +Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.
    ⚠️ **Warning**: Do not use the symbols `@` and `:` in your passwords. These symbols are used to build database connection strings. You will experience issues when using these symbols! Also please note that values inside the latest.yaml that are not exposed as variables are not officially supported to be changed. See for example [this report](https://github.com/nextcloud/all-in-one/issues/5612). Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`. @@ -32,9 +32,9 @@ Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml Now you should be ready to go with `sudo docker compose up`. ## Docker profiles -The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64). +The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, talk, whiteboard, talk-recording, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. -For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. (Note: there is no clamav image for arm64). +For a complete all-in-one with collabora use `sudo docker compose --profile collabora --profile talk --profile talk-recording --profile clamav --profile imaginary --profile fulltextsearch --profile whiteboard up`. ## How to update? Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers. diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index dc5e13f1..70d14b4e 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -75,7 +75,7 @@ do done sed -i 's|_ENABLED=|_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf -sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf +sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no" # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" # You can change this in order to enable other dictionaries for collabora|' sample.conf diff --git a/php/containers.json b/php/containers.json index cc60249a..4f218af2 100644 --- a/php/containers.json +++ b/php/containers.json @@ -642,7 +642,7 @@ "init": false, "healthcheck": { "start_period": "60s", - "test": "clamdcheck.sh", + "test": "/healthcheck.sh", "interval": "30s", "timeout": "30s", "start_interval": "5s", @@ -654,8 +654,7 @@ "internal_port": "3310", "environment": [ "TZ=%TIMEZONE%", - "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%", - "CLAMD_STARTUP_TIMEOUT=90" + "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%" ], "volumes": [ { @@ -670,9 +669,11 @@ ], "read_only": true, "tmpfs": [ - "/var/lock", + "/tmp", "/var/log/clamav", - "/tmp" + "/run/clamav", + "/var/log/supervisord", + "/var/run/supervisord" ], "cap_drop": [ "NET_RAW" diff --git a/php/public/index.php b/php/public/index.php index 5e5c1896..a3ee8f7d 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -102,7 +102,6 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'last_backup_time' => $configurationManager->GetLastBackupTime(), 'backup_times' => $configurationManager->GetBackupTimes(), 'current_channel' => $dockerActionManger->GetCurrentChannel(), - 'is_x64_platform' => $configurationManager->isx64Platform(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled(), 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(), 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 60a95761..7c7039af 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -132,7 +132,7 @@ class ConfigurationManager } } - public function isx64Platform() : bool { + private function isx64Platform() : bool { if (php_uname('m') === 'x86_64') { return true; } else { @@ -140,11 +140,7 @@ class ConfigurationManager } } - public function isClamavEnabled() : bool { - if (!$this->isx64Platform()) { - return false; - } - + public function isClamavEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) { return true; diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 5b00a769..16fef91f 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -21,7 +21,7 @@ data-initial-state="false" {% endif %} > - +

    Minimal system requirements: When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see this documentation

    -{% if isAnyRunning == true or is_x64_platform == false %} - -{% endif %} {% if isAnyRunning == true %} + diff --git a/readme.md b/readme.md index b10a262d..0eb92033 100644 --- a/readme.md +++ b/readme.md @@ -351,7 +351,7 @@ If you get an error during the domain validation which states that your ip-addre ### Which CPU architectures are supported? You can check this on Linux by running: `uname -m` - x86_64/x64/amd64 -- aarch64/arm64/armv8 (Note: ClamAV is currently not supported on this CPU architecture) +- aarch64/arm64/armv8 ### Disrecommended VPS providers - *Older* Strato VPS using Virtuozzo caused problems though ones from Q3 2023 and later should work. From 945f1341fd3df195e42d9aed378689ae7ccfde16 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 16:14:46 +0100 Subject: [PATCH 0122/1064] increase to 10.8.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 96687dac..1bbfc001 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.7.0

    +

    Nextcloud AIO v10.8.0

    {# Add 2nd tab warning #} From 0b027648974bc48bcc7d89571b816d1dafb816e7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 16:17:56 +0100 Subject: [PATCH 0123/1064] fix supervisor package name Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 9f86f5f9..33bc538f 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache tzdata clamav supervisord; \ + apk add --no-cache tzdata clamav supervisor; \ mkdir /run/clamav; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ From 405fc57bf45df60aa2c319727ffc451692bd2f52 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 16:20:11 +0100 Subject: [PATCH 0124/1064] fix another detail Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 33bc538f..672bd7ce 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache tzdata clamav supervisor; \ - mkdir /run/clamav; \ + mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ From fe310624ed00cd1ea6c419105a06833ff381eb0d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 16:50:57 +0100 Subject: [PATCH 0125/1064] Revert "build(deps): bump collabora/code from 24.04.12.4.1 to 24.04.13.1.1 in /Containers/collabora" --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index c4d76b3b..e9ca4d01 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.13.1.1 +FROM collabora/code:24.04.12.4.1 USER root ARG DEBIAN_FRONTEND=noninteractive From a661b488c3ab7a4598ff7a7a67881b5229982796 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 16:58:25 +0100 Subject: [PATCH 0126/1064] clamav: adjust a few more things Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 2 +- Containers/clamav/healthcheck.sh | 2 +- Containers/clamav/start.sh | 4 +++- Containers/clamav/supervisord.conf | 6 ++++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 672bd7ce..e79d452d 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache tzdata clamav supervisor; \ + apk add --no-cache tzdata clamav supervisor bash; \ mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ diff --git a/Containers/clamav/healthcheck.sh b/Containers/clamav/healthcheck.sh index cef67500..fe8b5daa 100644 --- a/Containers/clamav/healthcheck.sh +++ b/Containers/clamav/healthcheck.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/bash if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then echo "ERROR: Unable to contact server" diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh index fb7c8bd8..fa10d0e5 100644 --- a/Containers/clamav/start.sh +++ b/Containers/clamav/start.sh @@ -1,5 +1,7 @@ -#!/usr/bin/env sh +#!/bin/bash sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf +echo "Clamav started" + exec "$@" diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index a5475bce..8f5c81a1 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -9,13 +9,15 @@ logfile_backups=10 loglevel=error [program:freshclam] -stdout_logfile=NONE +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 command=freshclam --foreground --stdout --daemon [program:clamd] -stdout_logfile=NONE +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 command=clamd --foreground --config-file=/tmp/clamd.conf From 8d1a4653a076b33a0b511096e57076ae356f663a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 6 Mar 2025 17:35:44 +0100 Subject: [PATCH 0127/1064] container-state-template: change order to old logic as it is not interchangabel Signed-off-by: Simon L. --- php/templates/components/container-state.twig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig index 8bc8c559..4cf5dd4e 100644 --- a/php/templates/components/container-state.twig +++ b/php/templates/components/container-state.twig @@ -1,14 +1,14 @@ {# @var c \App\Containers\Container #}
  • - {% if c.GetRunningState().value == 'running' %} - - {{ c.GetDisplayName() }} - (Running) - {% elseif c.GetStartingState().value == 'starting' %} + {% if c.GetStartingState().value == 'starting' %} {{ c.GetDisplayName() }} (Starting) + {% elseif c.GetRunningState().value == 'running' %} + + {{ c.GetDisplayName() }} + (Running) {% else %} {{ c.GetDisplayName() }} From 113cd76c6a330f9cf45a1d25c1bb9c7d75efcba1 Mon Sep 17 00:00:00 2001 From: Zoey Date: Sat, 8 Mar 2025 18:28:07 +0100 Subject: [PATCH 0128/1064] add workarround to NPMplus reverse proxy example to fix collabora #6104 Signed-off-by: Zoey --- reverse-proxy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 52f917a2..4d47f283 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -478,7 +478,9 @@ Second, see these screenshots for a working config: ![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630) -![grafik](https://github.com/user-attachments/assets/a26c53fd-6cc8-4a6b-a86f-c2f94b70088f) + + +![grafik](https://github.com/user-attachments/assets/8cd25455-51fa-4e47-8af1-362bda8bb902) ![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893) From 47df5053c8dc7c176b73d00155593f329cfade3b Mon Sep 17 00:00:00 2001 From: Zoey Date: Sat, 8 Mar 2025 18:30:29 +0100 Subject: [PATCH 0129/1064] Update reverse-proxy.md Signed-off-by: Zoey --- reverse-proxy.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 4d47f283..a2b00abd 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -478,14 +478,16 @@ Second, see these screenshots for a working config: ![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630) - +![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792) -![grafik](https://github.com/user-attachments/assets/8cd25455-51fa-4e47-8af1-362bda8bb902) + ![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893) ![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041) +`proxy_set_header Accept-Encoding $http_accept_encoding;` + ⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus.
    ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. From be0a738e8ce2569eefe99c8482ff478f2409dff6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 12 Mar 2025 17:27:28 +0100 Subject: [PATCH 0130/1064] community-containers: add smb-server Signed-off-by: Simon L. --- community-containers/smbserver/readme.md | 15 +++++ community-containers/smbserver/smbserver.json | 60 +++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 community-containers/smbserver/readme.md create mode 100644 community-containers/smbserver/smbserver.json diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md new file mode 100644 index 00000000..d3380415 --- /dev/null +++ b/community-containers/smbserver/readme.md @@ -0,0 +1,15 @@ +## SMB-server +This container bundles an SMB-server and allows to configure it via a graphical shell script. + +### Notes +- This container should only be run in home networks +- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3 +- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in bash /smbserver.sh and you will see a graphical UI for configuring the smb-server interactively. +- The config data of SMB-server will be automatically included in AIOs backup solution! +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-smbserver/ + +### Maintainer +https://github.com/szaimen diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json new file mode 100644 index 00000000..c6269134 --- /dev/null +++ b/community-containers/smbserver/smbserver.json @@ -0,0 +1,60 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-smbserver", + "display_name": "SMB-server", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver", + "image": "szaimen/aio-smbserver", + "image_tag": "v1", + "internal_port": "5803", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "", + "port_number": "5803", + "protocol": "tcp" + }, + { + "ip_binding": "", + "port_number": "445", + "protocol": "tcp" + }, + { + "ip_binding": "", + "port_number": "139", + "protocol": "tcp" + } + ], + "volumes": [ + { + "source": "nextcloud_aio_smbserver", + "destination": "/smbserver", + "writeable": true + }, + { + "source": "%NEXTCLOUD_DATADIR%", + "destination": "/mnt/ncdata", + "writeable": true + }, + { + "source": "%NEXTCLOUD_MOUNT%", + "destination": "/mnt", + "writeable": true + } + ], + "environment": [ + "TZ=%TIMEZONE%", + "WEB_AUTHENTICATION_USERNAME=smbserver", + "WEB_AUTHENTICATION_PASSWORD=%SMBSERVER_PASSWORD%", + "WEB_LISTENING_PORT=5803" + ], + "secrets": [ + "SMBSERVER_PASSWORD" + ], + "ui_secret": "SMBSERVER_PASSWORD", + "backup_volumes": [ + "nextcloud_aio_smbserver" + ] + } + ] +} From a6246f954496db44ef62e452d87fa701dcaad2a1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 12 Mar 2025 19:12:45 +0100 Subject: [PATCH 0131/1064] Improve small detail Signed-off-by: Simon L. --- community-containers/smbserver/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md index d3380415..9886f4b2 100644 --- a/community-containers/smbserver/readme.md +++ b/community-containers/smbserver/readme.md @@ -4,7 +4,7 @@ This container bundles an SMB-server and allows to configure it via a graphical ### Notes - This container should only be run in home networks - This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3 -- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in bash /smbserver.sh and you will see a graphical UI for configuring the smb-server interactively. +- After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively. - The config data of SMB-server will be automatically included in AIOs backup solution! - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack From e97d4b0a3e42ce4c1f37a711cb1de70b61c1dd47 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 13 Mar 2025 12:55:18 +0100 Subject: [PATCH 0132/1064] Add support for ghcr.io (#6134) Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Signed-off-by: Simon L. Co-authored-by: Simon L. --- .../helloworld/helloworld.json | 12 ++ community-containers/helloworld/readme.md | 8 + php/containers-schema.json | 2 +- php/src/DependencyInjection.php | 9 +- php/src/Docker/DockerActionManager.php | 193 +++++++++--------- .../Docker/GitHubContainerRegistryManager.php | 62 ++++++ 6 files changed, 183 insertions(+), 103 deletions(-) create mode 100644 community-containers/helloworld/helloworld.json create mode 100644 community-containers/helloworld/readme.md create mode 100644 php/src/Docker/GitHubContainerRegistryManager.php diff --git a/community-containers/helloworld/helloworld.json b/community-containers/helloworld/helloworld.json new file mode 100644 index 00000000..fed10008 --- /dev/null +++ b/community-containers/helloworld/helloworld.json @@ -0,0 +1,12 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-helloworld", + "display_name": "Hello world", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/helloworld", + "image": "ghcr.io/docjyj/aio-helloworld", + "image_tag": "%AIO_CHANNEL%", + "restart": "unless-stopped" + } + ] +} diff --git a/community-containers/helloworld/readme.md b/community-containers/helloworld/readme.md new file mode 100644 index 00000000..83c557ac --- /dev/null +++ b/community-containers/helloworld/readme.md @@ -0,0 +1,8 @@ +## Hello World +This container is a template for creating a community container. + +### Repository +https://github.com/docjyj/aio-helloworld + +### Maintainer +https://github.com/docjyj diff --git a/php/containers-schema.json b/php/containers-schema.json index 7a675e60..46782a33 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -15,7 +15,7 @@ "image": { "type": "string", "minLength": 1, - "pattern": "^[a-z0-9/-]+$" + "pattern": "^(ghcr.io/)?[a-z0-9/-]+$" }, "expose": { "type": "array", diff --git a/php/src/DependencyInjection.php b/php/src/DependencyInjection.php index e37a0917..1fedada8 100644 --- a/php/src/DependencyInjection.php +++ b/php/src/DependencyInjection.php @@ -4,6 +4,7 @@ namespace AIO; use AIO\Docker\DockerHubManager; use DI\Container; +use AIO\Docker\GitHubContainerRegistryManager; class DependencyInjection { @@ -15,6 +16,11 @@ class DependencyInjection new DockerHubManager() ); + $container->set( + GitHubContainerRegistryManager::class, + new GitHubContainerRegistryManager() + ); + $container->set( \AIO\Data\ConfigurationManager::class, new \AIO\Data\ConfigurationManager() @@ -24,7 +30,8 @@ class DependencyInjection new \AIO\Docker\DockerActionManager( $container->get(\AIO\Data\ConfigurationManager::class), $container->get(\AIO\ContainerDefinitionFetcher::class), - $container->get(DockerHubManager::class) + $container->get(DockerHubManager::class), + $container->get(GitHubContainerRegistryManager::class) ) ); $container->set( diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 48903d54..643b0f0e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -3,12 +3,12 @@ namespace AIO\Docker; use AIO\Container\Container; -use AIO\Container\VersionState; use AIO\Container\ContainerState; +use AIO\Container\VersionState; +use AIO\ContainerDefinitionFetcher; use AIO\Data\ConfigurationManager; use GuzzleHttp\Client; use GuzzleHttp\Exception\RequestException; -use AIO\ContainerDefinitionFetcher; use http\Env\Response; readonly class DockerActionManager { @@ -16,18 +16,19 @@ readonly class DockerActionManager { private Client $guzzleClient; public function __construct( - private ConfigurationManager $configurationManager, - private ContainerDefinitionFetcher $containerDefinitionFetcher, - private DockerHubManager $dockerHubManager + private ConfigurationManager $configurationManager, + private ContainerDefinitionFetcher $containerDefinitionFetcher, + private DockerHubManager $dockerHubManager, + private GitHubContainerRegistryManager $gitHubContainerRegistryManager ) { $this->guzzleClient = new Client(['curl' => [CURLOPT_UNIX_SOCKET_PATH => '/var/run/docker.sock']]); } - private function BuildApiUrl(string $url) : string { + private function BuildApiUrl(string $url): string { return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url); } - private function BuildImageName(Container $container) : string { + private function BuildImageName(Container $container): string { $tag = $container->GetImageTag(); if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); @@ -35,8 +36,7 @@ readonly class DockerActionManager { return $container->GetContainerName() . ':' . $tag; } - public function GetContainerRunningState(Container $container) : ContainerState - { + public function GetContainerRunningState(Container $container): ContainerState { $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier()))); try { $response = $this->guzzleClient->get($url); @@ -56,8 +56,7 @@ readonly class DockerActionManager { } } - public function GetContainerRestartingState(Container $container) : ContainerState - { + public function GetContainerRestartingState(Container $container): ContainerState { $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier()))); try { $response = $this->guzzleClient->get($url); @@ -77,8 +76,7 @@ readonly class DockerActionManager { } } - public function GetContainerUpdateState(Container $container) : VersionState - { + public function GetContainerUpdateState(Container $container): VersionState { $tag = $container->GetImageTag(); if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); @@ -88,12 +86,12 @@ readonly class DockerActionManager { if ($runningDigests === null) { return VersionState::Different; } - $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag); + $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag); if ($remoteDigest === null) { return VersionState::Equal; } - foreach($runningDigests as $runningDigest) { + foreach ($runningDigests as $runningDigest) { if ($runningDigest === $remoteDigest) { return VersionState::Equal; } @@ -101,8 +99,7 @@ readonly class DockerActionManager { return VersionState::Different; } - public function GetContainerStartingState(Container $container) : ContainerState - { + public function GetContainerStartingState(Container $container): ContainerState { $runningState = $this->GetContainerRunningState($container); if ($runningState === ContainerState::Stopped || $runningState === ContainerState::ImageDoesNotExist) { return $runningState; @@ -110,9 +107,9 @@ readonly class DockerActionManager { $containerName = $container->GetIdentifier(); $internalPort = $container->GetInternalPort(); - if($internalPort === '%APACHE_PORT%') { + if ($internalPort === '%APACHE_PORT%') { $internalPort = $this->configurationManager->GetApachePort(); - } elseif($internalPort === '%TALK_PORT%') { + } elseif ($internalPort === '%TALK_PORT%') { $internalPort = $this->configurationManager->GetTalkPort(); } @@ -129,7 +126,7 @@ readonly class DockerActionManager { } } - public function DeleteContainer(Container $container) : void { + public function DeleteContainer(Container $container): void { $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier()))); try { $this->guzzleClient->delete($url); @@ -140,8 +137,7 @@ readonly class DockerActionManager { } } - public function GetLogs(string $id) : string - { + public function GetLogs(string $id): string { $url = $this->BuildApiUrl( sprintf( 'containers/%s/logs?stdout=true&stderr=true×tamps=true', @@ -162,7 +158,7 @@ readonly class DockerActionManager { return $response; } - public function StartContainer(Container $container) : void { + public function StartContainer(Container $container): void { $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier()))); try { $this->guzzleClient->post($url); @@ -171,10 +167,9 @@ readonly class DockerActionManager { } } - public function CreateVolumes(Container $container): void - { + public function CreateVolumes(Container $container): void { $url = $this->BuildApiUrl('volumes/create'); - foreach($container->GetVolumes()->GetVolumes() as $volume) { + foreach ($container->GetVolumes()->GetVolumes() as $volume) { $forbiddenChars = [ '/', ]; @@ -184,7 +179,7 @@ readonly class DockerActionManager { } $firstChar = substr($volume->name, 0, 1); - if(!in_array($firstChar, $forbiddenChars)) { + if (!in_array($firstChar, $forbiddenChars)) { $this->guzzleClient->request( 'POST', $url, @@ -198,7 +193,7 @@ readonly class DockerActionManager { } } - public function CreateContainer(Container $container) : void { + public function CreateContainer(Container $container): void { $volumes = []; foreach ($container->GetVolumes()->GetVolumes() as $volume) { // // NEXTCLOUD_MOUNT gets added via bind-mount later on @@ -226,12 +221,12 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Binds'] = $volumes; } - foreach($container->GetSecrets() as $secret) { + foreach ($container->GetSecrets() as $secret) { $this->configurationManager->GetAndGenerateSecret($secret); } $aioVariables = $container->GetAioVariables()->GetVariables(); - foreach($aioVariables as $variable) { + foreach ($aioVariables as $variable) { $config = $this->configurationManager->GetConfig(); $variableArray = explode('=', $variable); $config[$variableArray[0]] = $variableArray[1]; @@ -244,7 +239,7 @@ readonly class DockerActionManager { if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { $envs[] = $this->GetAllNextcloudExecCommands(); } - foreach($envs as $key => $env) { + foreach ($envs as $key => $env) { // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs if (str_starts_with($env, 'extra_params=')) { $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env); @@ -256,12 +251,12 @@ readonly class DockerActionManager { // Original implementation $patterns = ['/%(.*)%/']; - if(preg_match($patterns[0], $env, $out) === 1) { + if (preg_match($patterns[0], $env, $out) === 1) { $replacements = array(); - if($out[1] === 'NC_DOMAIN') { + if ($out[1] === 'NC_DOMAIN') { $replacements[1] = $this->configurationManager->GetDomain(); - } elseif($out[1] === 'NC_BASE_DN') { + } elseif ($out[1] === 'NC_BASE_DN') { $replacements[1] = $this->configurationManager->GetBaseDN(); } elseif ($out[1] === 'AIO_TOKEN') { $replacements[1] = $this->configurationManager->GetToken(); @@ -391,10 +386,10 @@ readonly class DockerActionManager { } else { $replacements[1] = ''; } - // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) + // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) } elseif ($out[1] === 'AIO_DATABASE_HOST') { $replacements[1] = gethostbyname('nextcloud-aio-database'); - // Allow to get local ip-address of caddy container and add it to trusted proxies automatically + // Allow to get local ip-address of caddy container and add it to trusted proxies automatically } elseif ($out[1] === 'CADDY_IP_ADDRESS') { $replacements[1] = ''; $communityContainers = $this->configurationManager->GetEnabledCommunityContainers(); @@ -419,7 +414,7 @@ readonly class DockerActionManager { } } - if(count($envs) > 0) { + if (count($envs) > 0) { $requestBody['Env'] = $envs; } @@ -429,7 +424,7 @@ readonly class DockerActionManager { $exposedPorts = []; if ($container->GetInternalPort() !== 'host') { - foreach($container->GetPorts()->GetPorts() as $value) { + foreach ($container->GetPorts()->GetPorts() as $value) { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { @@ -449,7 +444,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['NetworkMode'] = 'host'; } - if(count($exposedPorts) > 0) { + if (count($exposedPorts) > 0) { $requestBody['ExposedPorts'] = $exposedPorts; foreach ($container->GetPorts()->GetPorts() as $value) { $port = $value->port; @@ -474,16 +469,16 @@ readonly class DockerActionManager { $portWithProtocol = $port . '/' . $protocol; $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [ [ - 'HostPort' => $port, - 'HostIp' => $ipBinding, + 'HostPort' => $port, + 'HostIp' => $ipBinding, ] ]; } } $devices = []; - foreach($container->GetDevices() as $device) { - if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) { + foreach ($container->GetDevices() as $device) { + if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) { continue; } $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"]; @@ -510,7 +505,7 @@ readonly class DockerActionManager { } $tmpfs = []; - foreach($container->GetTmpfs() as $tmp) { + foreach ($container->GetTmpfs() as $tmp) { $mode = ""; if (str_contains($tmp, ':')) { $mode = explode(':', $tmp)[1]; @@ -519,7 +514,7 @@ readonly class DockerActionManager { $tmpfs[$tmp] = $mode; } if (count($tmpfs) > 0) { - $requestBody['HostConfig']['Tmpfs'] = $tmpfs; + $requestBody['HostConfig']['Tmpfs'] = $tmpfs; } $requestBody['HostConfig']['Init'] = $container->GetInit(); @@ -563,22 +558,22 @@ readonly class DockerActionManager { } } } - // Special things for the talk container which should not be exposed in the containers.json + // Special things for the talk container which should not be exposed in the containers.json } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') { // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]]; - // // Special things for the nextcloud container which should not be exposed in the containers.json - // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { - // foreach ($container->GetVolumes()->GetVolumes() as $volume) { - // if ($volume->name !== $this->configurationManager->GetNextcloudMount()) { - // continue; - // } - // $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]]; - // } - // Special things for the caddy community container + // // Special things for the nextcloud container which should not be exposed in the containers.json + // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { + // foreach ($container->GetVolumes()->GetVolumes() as $volume) { + // if ($volume->name !== $this->configurationManager->GetNextcloudMount()) { + // continue; + // } + // $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]]; + // } + // Special things for the caddy community container } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') { $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway']; - // Special things for the collabora container which should not be exposed in the containers.json + // Special things for the collabora container which should not be exposed in the containers.json } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') { if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') { $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()]; @@ -604,13 +599,13 @@ readonly class DockerActionManager { } - public function isDockerHubReachable(Container $container) : bool { + public function isDockerHubReachable(Container $container): bool { $tag = $container->GetImageTag(); if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); } - $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag); + $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag); if ($remoteDigest === null) { return false; @@ -619,8 +614,7 @@ readonly class DockerActionManager { } } - public function PullImage(Container $container) : void - { + public function PullImage(Container $container): void { $imageName = $this->BuildImageName($container); $encodedImageName = urlencode($imageName); $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName)); @@ -643,8 +637,7 @@ readonly class DockerActionManager { } } - private function isContainerUpdateAvailable(string $id) : string - { + private function isContainerUpdateAvailable(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); $updateAvailable = ""; @@ -657,7 +650,7 @@ readonly class DockerActionManager { return $updateAvailable; } - public function isAnyUpdateAvailable() : bool { + public function isAnyUpdateAvailable(): bool { // return early if instance is not installed if (!$this->configurationManager->wasStartButtonClicked()) { return false; @@ -671,8 +664,7 @@ readonly class DockerActionManager { } } - private function getBackupVolumes(string $id) : string - { + private function getBackupVolumes(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); $backupVolumes = ''; @@ -685,14 +677,13 @@ readonly class DockerActionManager { return $backupVolumes; } - private function getAllBackupVolumes() : array { + private function getAllBackupVolumes(): array { $id = 'nextcloud-aio-apache'; $backupVolumesArray = explode(' ', $this->getBackupVolumes($id)); return array_unique($backupVolumesArray); } - private function GetNextcloudExecCommands(string $id) : string - { + private function GetNextcloudExecCommands(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); $nextcloudExecCommands = ''; @@ -705,13 +696,12 @@ readonly class DockerActionManager { return $nextcloudExecCommands; } - private function GetAllNextcloudExecCommands() : string - { + private function GetAllNextcloudExecCommands(): string { $id = 'nextcloud-aio-apache'; return 'NEXTCLOUD_EXEC_COMMANDS=' . $this->GetNextcloudExecCommands($id); } - private function GetRepoDigestsOfContainer(string $containerName) : ?array { + private function GetRepoDigestsOfContainer(string $containerName): ?array { try { $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName)); $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true); @@ -732,7 +722,7 @@ readonly class DockerActionManager { $repoDigestArray = []; $oneDigestGiven = false; - foreach($imageOutput['RepoDigests'] as $repoDigest) { + foreach ($imageOutput['RepoDigests'] as $repoDigest) { $digestPosition = strpos($repoDigest, '@'); if ($digestPosition === false) { error_log('Somehow the RepoDigest of ' . $containerName . ' does not contain a @.'); @@ -752,10 +742,10 @@ readonly class DockerActionManager { } } - public function GetCurrentChannel() : string { + public function GetCurrentChannel(): string { $cacheKey = 'aio-ChannelName'; $channelName = apcu_fetch($cacheKey); - if($channelName !== false && is_string($channelName)) { + if ($channelName !== false && is_string($channelName)) { return $channelName; } @@ -765,7 +755,7 @@ readonly class DockerActionManager { $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true); $containerChecksum = $output['Image']; $tagArray = explode(':', $output['Config']['Image']); - if (count($tagArray) === 2) { + if (count($tagArray) === 2) { $tag = $tagArray[1]; } else { error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'."); @@ -780,8 +770,7 @@ readonly class DockerActionManager { return 'latest'; } - public function IsMastercontainerUpdateAvailable() : bool - { + public function IsMastercontainerUpdateAvailable(): bool { $imageName = 'nextcloud/all-in-one'; $containerName = 'nextcloud-aio-mastercontainer'; @@ -791,7 +780,7 @@ readonly class DockerActionManager { if ($runningDigests === null) { return true; } - $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag); + $remoteDigest = $this->GetLatestDigestOfTag($imageName, $tag); if ($remoteDigest === null) { return false; } @@ -804,8 +793,7 @@ readonly class DockerActionManager { return true; } - public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void - { + public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void { if ($this->GetContainerStartingState($container) === ContainerState::Running) { $containerName = $container->GetIdentifier(); @@ -849,8 +837,7 @@ readonly class DockerActionManager { } } - private function DisconnectContainerFromBridgeNetwork(string $id) : void - { + private function DisconnectContainerFromBridgeNetwork(string $id): void { $url = $this->BuildApiUrl( sprintf('networks/%s/disconnect', 'bridge') @@ -870,8 +857,7 @@ readonly class DockerActionManager { } } - private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias = '') : void - { + private function ConnectContainerIdToNetwork(string $id, string $internalPort, string $network = 'nextcloud-aio', bool $createNetwork = true, string $alias = ''): void { if ($internalPort === 'host') { return; } @@ -902,9 +888,9 @@ readonly class DockerActionManager { $url = $this->BuildApiUrl( sprintf('networks/%s/connect', $network) ); - $jsonPayload = [ 'Container' => $id ]; - if ($alias !== '' ) { - $jsonPayload['EndpointConfig'] = ['Aliases' => [ $alias ]]; + $jsonPayload = ['Container' => $id]; + if ($alias !== '') { + $jsonPayload['EndpointConfig'] = ['Aliases' => [$alias]]; } try { @@ -923,15 +909,13 @@ readonly class DockerActionManager { } } - public function ConnectMasterContainerToNetwork() : void - { + public function ConnectMasterContainerToNetwork(): void { $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', ''); // Don't disconnect here since it slows down the initial login by a lot. Is getting done during cron.sh instead. // $this->DisconnectContainerFromBridgeNetwork('nextcloud-aio-mastercontainer'); } - public function ConnectContainerToNetwork(Container $container) : void - { + public function ConnectContainerToNetwork(Container $container): void { // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible. // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints. @@ -947,7 +931,7 @@ readonly class DockerActionManager { } } - public function StopContainer(Container $container) : void { + public function StopContainer(Container $container): void { $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime())); try { $this->guzzleClient->post($url); @@ -958,8 +942,7 @@ readonly class DockerActionManager { } } - public function GetBackupcontainerExitCode() : int - { + public function GetBackupcontainerExitCode(): int { $containerName = 'nextcloud-aio-borgbackup'; $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName))); try { @@ -981,8 +964,7 @@ readonly class DockerActionManager { } } - public function GetDatabasecontainerExitCode() : int - { + public function GetDatabasecontainerExitCode(): int { $containerName = 'nextcloud-aio-database'; $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName))); try { @@ -1004,7 +986,7 @@ readonly class DockerActionManager { } } - public function isLoginAllowed() : bool { + public function isLoginAllowed(): bool { $id = 'nextcloud-aio-apache'; $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id); if ($this->GetContainerStartingState($apacheContainer) === ContainerState::Running) { @@ -1013,7 +995,7 @@ readonly class DockerActionManager { return true; } - public function isBackupContainerRunning() : bool { + public function isBackupContainerRunning(): bool { $id = 'nextcloud-aio-borgbackup'; $backupContainer = $this->containerDefinitionFetcher->GetContainerById($id); if ($this->GetContainerRunningState($backupContainer) === ContainerState::Running) { @@ -1022,7 +1004,7 @@ readonly class DockerActionManager { return false; } - private function GetCreatedTimeOfNextcloudImage() : ?string { + private function GetCreatedTimeOfNextcloudImage(): ?string { $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel(); try { $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName)); @@ -1039,11 +1021,11 @@ readonly class DockerActionManager { } } - public function GetAndGenerateSecretWrapper(string $secretId) : string { + public function GetAndGenerateSecretWrapper(string $secretId): string { return $this->configurationManager->GetAndGenerateSecret($secretId); } - public function isNextcloudImageOutdated() : bool { + public function isNextcloudImageOutdated(): bool { $createdTime = $this->GetCreatedTimeOfNextcloudImage(); if ($createdTime === null) { @@ -1057,4 +1039,13 @@ readonly class DockerActionManager { return false; } + + public function GetLatestDigestOfTag(string $imageName, string $tag): ?string { + $prefix = 'ghcr.io/'; + if (str_starts_with($imageName, $prefix)) { + return $this->gitHubContainerRegistryManager->GetLatestDigestOfTag(str_replace($prefix, '', $imageName), $tag); + } else { + return $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag); + } + } } diff --git a/php/src/Docker/GitHubContainerRegistryManager.php b/php/src/Docker/GitHubContainerRegistryManager.php new file mode 100644 index 00000000..d885ae09 --- /dev/null +++ b/php/src/Docker/GitHubContainerRegistryManager.php @@ -0,0 +1,62 @@ +guzzleClient = new Client(); + } + + public function GetLatestDigestOfTag(string $name, string $tag): ?string + { + $cacheKey = 'ghcr-manifest-' . $name . $tag; + + $cachedVersion = apcu_fetch($cacheKey); + if ($cachedVersion !== false && is_string($cachedVersion)) { + return $cachedVersion; + } + + // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower' + + try { + $authTokenRequest = $this->guzzleClient->request( + 'GET', + 'https://ghcr.io/token?scope=repository:' . $name . ':pull' + ); + $body = $authTokenRequest->getBody()->getContents(); + $decodedBody = json_decode($body, true); + if (isset($decodedBody['token'])) { + $authToken = $decodedBody['token']; + $manifestRequest = $this->guzzleClient->request( + 'HEAD', + 'https://ghcr.io/v2/' . $name . '/manifests/' . $tag, + [ + 'headers' => [ + 'Accept' => 'application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.docker.distribution.manifest.v2+json', + 'Authorization' => 'Bearer ' . $authToken, + ], + ] + ); + $responseHeaders = $manifestRequest->getHeader('docker-content-digest'); + if (count($responseHeaders) === 1) { + $latestVersion = $responseHeaders[0]; + apcu_add($cacheKey, $latestVersion, 600); + return $latestVersion; + } + } + + error_log('Could not get digest of container ' . $name . ':' . $tag); + return null; + } catch (\Exception $e) { + error_log('Could not get digest of container ' . $name . ':' . $tag . ' ' . $e->getMessage()); + return null; + } + } +} From 016dde1e47751cba0b823d6ec6fcfbf9371f5986 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 13 Mar 2025 13:02:19 +0100 Subject: [PATCH 0133/1064] Update docjyJ's community container images (#6157) Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/nocodb/nocodb.json | 4 ++-- community-containers/nocodb/readme.md | 2 +- community-containers/stalwart/stalwart.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json index a5d56e13..7ef4cc5c 100644 --- a/community-containers/nocodb/nocodb.json +++ b/community-containers/nocodb/nocodb.json @@ -4,8 +4,8 @@ "container_name": "nextcloud-aio-nocodb", "display_name": "NocoDB", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb", - "image": "docjyj/aio-nocodb", - "image_tag": "%AIO_CHANNEL%", + "image": "nocodb/nocodb", + "image_tag": "latest", "internal_port": "10028", "restart": "unless-stopped", "ports": [ diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md index 748c8585..4c1281b5 100644 --- a/community-containers/nocodb/readme.md +++ b/community-containers/nocodb/readme.md @@ -22,7 +22,7 @@ This is an alternative of **Airtable**. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository -https://github.com/docjyJ/aio-nocodb +https://github.com/nocodb/nocodb ### Maintainer https://github.com/docjyJ diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json index 7858327c..1a5ffd41 100644 --- a/community-containers/stalwart/stalwart.json +++ b/community-containers/stalwart/stalwart.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-stalwart", "display_name": "Stalwart", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart", - "image": "docjyj/aio-stalwart", + "image": "ghcr.io/docjyj/aio-stalwart", "image_tag": "%AIO_CHANNEL%", "internal_port": "10003", "restart": "unless-stopped", From af4700d86321cfaecafcf9c202f3df30a96cc697 Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 13 Mar 2025 15:38:04 +0100 Subject: [PATCH 0134/1064] pull npmplus from ghcr Signed-off-by: Zoey --- community-containers/npmplus/npmplus.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/npmplus/npmplus.json b/community-containers/npmplus/npmplus.json index 24f1c381..4b666c03 100644 --- a/community-containers/npmplus/npmplus.json +++ b/community-containers/npmplus/npmplus.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-npmplus", "display_name": "NPMplus", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus", - "image": "zoeyvid/npmplus", + "image": "ghcr.io/zoeyvid/npmplus", "image_tag": "latest", "internal_port": "host", "restart": "unless-stopped", From 4b644d2fe7ab4e4b3902867a1801f4e4a3ff725a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 13 Mar 2025 17:02:19 +0100 Subject: [PATCH 0135/1064] update Nextcloud to 30.0.7 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 9af52cd8..1c74e213 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.6 +ENV NEXTCLOUD_VERSION=30.0.7 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 36dc60e9d212c4b33409c5c78cec03403a4e677f Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:45:35 +0100 Subject: [PATCH 0136/1064] Update stalwart.json Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/stalwart/stalwart.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json index 1a5ffd41..e2061688 100644 --- a/community-containers/stalwart/stalwart.json +++ b/community-containers/stalwart/stalwart.json @@ -5,7 +5,7 @@ "display_name": "Stalwart", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart", "image": "ghcr.io/docjyj/aio-stalwart", - "image_tag": "%AIO_CHANNEL%", + "image_tag": "v3", "internal_port": "10003", "restart": "unless-stopped", "ports": [ From 5004a46e2a251d738f57a80ef435f8efeedecc65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 04:43:29 +0000 Subject: [PATCH 0137/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.12.4.1 to 24.04.13.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index e9ca4d01..d9c487a4 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker -FROM collabora/code:24.04.12.4.1 +FROM collabora/code:24.04.13.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 8fe6821038fb1a2a53111d54524be4956cc2d7b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 04:43:55 +0000 Subject: [PATCH 0138/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.3.17-fpm-alpine3.21 to 8.3.19-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 6379ba85..dca0a070 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.0.1-cli AS docker FROM caddy:2.9.1-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile -FROM php:8.3.17-fpm-alpine3.21 +FROM php:8.3.19-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 From fbb71586e8a7f6c2359dba0e7305b5290d4d22bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 04:44:11 +0000 Subject: [PATCH 0139/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.17-fpm-alpine3.21 to 8.3.19-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 1c74e213..0f86cde2 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.17-fpm-alpine3.21 +FROM php:8.3.19-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From d164eea1ee84e57842c5a1c2dcd717ff43bb4df7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 16 Mar 2025 14:05:12 +0100 Subject: [PATCH 0140/1064] nextcloud-entrypoint: output error message if touch failed Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index c97a56f9..e8992086 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -33,7 +33,7 @@ while ! nc -z "$REDIS_HOST" "6379"; do done # Check permissions in ncdata -touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null +touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then echo "The www-data user doesn't seem to have access rights in the datadir. Most likely are the files located on a drive that does not follow linux permissions. From 63d9343972cba7974f07dc15455e27a9b687aaea Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Mar 2025 11:15:23 +0100 Subject: [PATCH 0141/1064] update Github Actions to use commit hashes for 3rd party actions instead of version tags Signed-off-by: Simon L. --- .github/workflows/codespell.yml | 2 +- .github/workflows/dependency-updates.yml | 4 ++-- .github/workflows/helm-release.yml | 6 +++--- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lock-threads.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 4 ++-- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- 14 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index eeaeb427..51548e24 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -14,7 +14,7 @@ jobs: - name: Check out code uses: actions/checkout@v4 - name: Check spelling - uses: codespell-project/actions-codespell@v2 + uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2 with: check_filenames: true check_hidden: true diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index b131ab58..189ea516 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@v2 + - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 with: php-version: 8.3 extensions: apcu @@ -44,7 +44,7 @@ jobs: )" sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: php dependency updates signoff: true diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index baacd7de..28946230 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Turnstyle - uses: softprops/turnstyle@v2 + uses: softprops/turnstyle@25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc # v2 with: continue-after-seconds: 180 env: @@ -32,7 +32,7 @@ jobs: # See https://github.com/helm/chart-releaser-action/issues/6 - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4 with: version: v3.6.3 @@ -41,7 +41,7 @@ jobs: helm lint ./nextcloud-aio-helm-chart - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.7.0 + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 with: mark_as_latest: false charts_dir: . diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 85c64a6e..707a4d7d 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -22,7 +22,7 @@ jobs: sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: imaginary-update automated change signoff: true diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 41779d5c..476c1925 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -16,7 +16,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4 with: version: v3.11.1 diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml index e4e2cc32..be8273d5 100644 --- a/.github/workflows/lock-threads.yml +++ b/.github/workflows/lock-threads.yml @@ -14,7 +14,7 @@ jobs: action: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v5 + - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5 with: issue-inactive-days: '14' process-only: 'issues' diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index e4750c2a..914a4435 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -85,7 +85,7 @@ jobs: fi - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: nextcloud-update automated change signoff: true diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index aed16094..dd8b0a02 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index f4bf7198..2b42c4ff 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 with: php-version: 8.3 extensions: apcu @@ -30,7 +30,7 @@ jobs: continue-on-error: true - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 697b1807..d474d95f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -17,7 +17,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run Shellcheck - uses: ludeeus/action-shellcheck@2.0.0 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: check_together: 'yes' env: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 674d6db8..1b541dd4 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -45,7 +45,7 @@ jobs: sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: talk-update automated change signoff: true diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 4544f993..59c5d4f1 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 43b37c8f..3065c4a9 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -20,7 +20,7 @@ jobs: sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: Helm Chart updates signoff: true diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index 93a560fc..dca81879 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -16,7 +16,7 @@ jobs: run: | sudo bash manual-install/update-yaml.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 with: commit-message: Yaml updates signoff: true From 1b6524b904485f52d376966813b66cfac08def01 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Mar 2025 13:06:18 +0100 Subject: [PATCH 0142/1064] Update dependabot.yml Signed-off-by: Simon L. --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8afcc4e4..38d4ad6d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,7 @@ version: 2 updates: - package-ecosystem: "github-actions" - directory: "/" + directory: ".github/workflows" schedule: interval: "daily" time: "12:00" From ccc64878772646d40914afac0b77df11ad5ddab9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 12:09:48 +0000 Subject: [PATCH 0143/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.30.0 to 2.32.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/a4e22b60bbb9c1021113f2860347b0759f66fe5d...9e72090525849c5e82e596468b86eb55e9cc5401) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 189ea516..017828d6 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 69db96dd..9f17d7fa 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index dd8b0a02..50e57bc3 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 2b42c4ff..9e77421c 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index e4775674..a4a5cfdf 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 59c5d4f1..7f0d3671 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: 8.3 extensions: apcu From c525f802d5860dfa940a964420b0af861af3885e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Mar 2025 22:34:50 +0100 Subject: [PATCH 0144/1064] Update Bug_report.md Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index c4d25e6d..66681d2e 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -5,8 +5,10 @@ labels: 0. Needs triage --- From 38a11c462426dab7f24f4a1ed0347f66d6495a03 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Mar 2025 22:39:17 +0100 Subject: [PATCH 0145/1064] Update config.yml Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index e50507ae..af96f3c6 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,5 +1,7 @@ blank_issues_enabled: false contact_links: + - name: 📘 Documentation on Nextcloud AIO + url: https://github.com/nextcloud/all-in-one#faq - name: ⛑️ General questions and support url: https://help.nextcloud.com/tag/aio about: For general questions, support and help @@ -11,4 +13,4 @@ contact_links: about: For questions specifically about AIO - name: 💼 Nextcloud Enterprise url: https://portal.nextcloud.com/ - about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly \ No newline at end of file + about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly From 7062b6aa9007d884628989af0935064b5a8a21ab Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 18 Mar 2025 23:44:03 +0100 Subject: [PATCH 0146/1064] add about info to documentation about aio section Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index af96f3c6..bbeee846 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -2,6 +2,7 @@ blank_issues_enabled: false contact_links: - name: 📘 Documentation on Nextcloud AIO url: https://github.com/nextcloud/all-in-one#faq + about: Please read the docs first before submitting any report or request! - name: ⛑️ General questions and support url: https://help.nextcloud.com/tag/aio about: For general questions, support and help From f90631125e0ad0dec7f9e836319826b596d2a7da Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Wed, 19 Mar 2025 14:46:41 +0100 Subject: [PATCH 0147/1064] test: prepare for e2e tests Signed-off-by: Richard Steinmetz --- php/src/Data/ConfigurationManager.php | 2 +- php/templates/containers.twig | 6 +++--- php/templates/setup.twig | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 7c7039af..e2291a76 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -900,7 +900,7 @@ class ConfigurationManager } public function shouldDomainValidationBeSkipped() : bool { - if (getenv('SKIP_DOMAIN_VALIDATION') !== false) { + if (getenv('SKIP_DOMAIN_VALIDATION') === 'true') { return true; } return false; diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 1bbfc001..92cfbde8 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -106,7 +106,7 @@

    Please note: The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!

    {% endif %}
    - + @@ -195,9 +195,9 @@ if stored remotely; and the encryption password of the backup archive below:

    -
    +

    -
    +
    diff --git a/php/templates/setup.twig b/php/templates/setup.twig index ac8063a2..f1d4d1dc 100644 --- a/php/templates/setup.twig +++ b/php/templates/setup.twig @@ -10,7 +10,7 @@

    All-in-One setup

    The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.

    ⚠️ Please note down the passphrase to access the AIO interface and don't lose it!

    - Passphrase
    {{ password }}
    + Passphrase
    {{ password }}
    Open Nextcloud AIO login ↗
    • {% endblock %} From 80ae73663351a084f822d3ca5ee43e96212e412a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 04:31:25 +0000 Subject: [PATCH 0148/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.10.26-scratch to 2.11.0-scratch. --- updated-dependencies: - dependency-name: nats dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 5058d449..915b4789 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.10.26-scratch AS nats +FROM nats:2.11.0-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 38254f76ab8671b2348dce35479849896a69f409 Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Thu, 20 Mar 2025 10:52:38 +0100 Subject: [PATCH 0149/1064] test: add more ids for e2e tests Signed-off-by: Richard Steinmetz --- php/templates/containers.twig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 92cfbde8..96623fc4 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -241,9 +241,9 @@

    Initial Nextcloud username: admin

    {% if hasBackupLocation %} {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #} -

    Initial Nextcloud password: {{ nextcloud_password }}

    +

    Initial Nextcloud password: {{ nextcloud_password }}

    {% else %} -

    Initial Nextcloud password: {{ nextcloud_password }}

    +

    Initial Nextcloud password: {{ nextcloud_password }}

    {% endif %}

    Open your Nextcloud ↗

    {% if not hasBackupLocation %} @@ -370,7 +370,7 @@ remote borg repo url.

    -
    +

    @@ -408,7 +408,7 @@ To try again, click Create backup.

    {% endif %} - +

    You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on Create Backup to test the new value.


    @@ -433,7 +433,7 @@ Click here to reveal all backup options (including an option for automatic updates) {% endif %}

    Backup information

    -

    This is your encryption password for backups: {{ borgbackup_password }}

    +

    This is your encryption password for backups: {{ borgbackup_password }}

    Please save this password in a safe place. You won't be able to restore from backup if you lose this password!

    All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.

    The backup uses a tool called BorgBackup, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.

    From a4aa1baf54b710a923c25048ac000e1d779223f0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 10:54:34 +0100 Subject: [PATCH 0150/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 321cf5b4..ef21bb22 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.3.1.1 +FROM onlyoffice/documentserver:8.3.2.1 # USER root is probably used From e37611a75929fff6545dc8877de9d62e33d497b7 Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Wed, 19 Mar 2025 12:54:34 +0100 Subject: [PATCH 0151/1064] test: add e2e tests via playwright Signed-off-by: Richard Steinmetz --- .github/workflows/playwright.yml | 77 +++++++++++++++++++ php/tests/.gitignore | 7 ++ php/tests/package-lock.json | 97 ++++++++++++++++++++++++ php/tests/package.json | 8 ++ php/tests/playwright.config.js | 29 +++++++ php/tests/tests/initial-setup.spec.js | 95 +++++++++++++++++++++++ php/tests/tests/restore-instance.spec.js | 79 +++++++++++++++++++ 7 files changed, 392 insertions(+) create mode 100644 .github/workflows/playwright.yml create mode 100644 php/tests/.gitignore create mode 100644 php/tests/package-lock.json create mode 100644 php/tests/package.json create mode 100644 php/tests/playwright.config.js create mode 100644 php/tests/tests/initial-setup.spec.js create mode 100644 php/tests/tests/restore-instance.spec.js diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml new file mode 100644 index 00000000..dfa6ad7e --- /dev/null +++ b/.github/workflows/playwright.yml @@ -0,0 +1,77 @@ +name: Playwright Tests + +on: + workflow_dispatch: + +env: + BASE_URL: https://localhost:8080 + +jobs: + test: + timeout-minutes: 60 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-node@v4 + with: + node-version: lts/* + + - name: Install dependencies + run: cd php/tests && npm ci + + - name: Install Playwright Browsers + run: cd php/tests && npx playwright install --with-deps chromium + + - name: Start fresh development server + run: | + docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true + docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true + docker pull nextcloud/all-in-one:develop + docker run \ + -d \ + --init \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 8080:8080 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + --env SKIP_DOMAIN_VALIDATION=true \ + --env APACHE_PORT=11000 \ + nextcloud/all-in-one:develop + echo Waiting for 10 seconds for the development container to start ... + sleep 10 + + - name: Run Playwright tests for initial setup + run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js + + - name: Start fresh development server + run: | + docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true + docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true + docker run \ + -d \ + --init \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 8080:8080 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + --env SKIP_DOMAIN_VALIDATION=false \ + --env APACHE_PORT=11000 \ + nextcloud/all-in-one:develop + echo Waiting for 10 seconds for the development container to start ... + sleep 10 + + - name: Run Playwright tests for backup restore + run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js + + - uses: actions/upload-artifact@v4 + if: ${{ !cancelled() }} + with: + name: playwright-report + path: php/tests/playwright-report/ + retention-days: 14 + overwrite: true diff --git a/php/tests/.gitignore b/php/tests/.gitignore new file mode 100644 index 00000000..58786aac --- /dev/null +++ b/php/tests/.gitignore @@ -0,0 +1,7 @@ + +# Playwright +node_modules/ +/test-results/ +/playwright-report/ +/blob-report/ +/playwright/.cache/ diff --git a/php/tests/package-lock.json b/php/tests/package-lock.json new file mode 100644 index 00000000..ea2b4296 --- /dev/null +++ b/php/tests/package-lock.json @@ -0,0 +1,97 @@ +{ + "name": "e2e", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "e2e", + "version": "1.0.0", + "license": "ISC", + "devDependencies": { + "@playwright/test": "^1.51.1", + "@types/node": "^22.13.10" + } + }, + "node_modules/@playwright/test": { + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz", + "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright": "1.51.1" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@types/node": { + "version": "22.13.10", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz", + "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~6.20.0" + } + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/playwright": { + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz", + "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "playwright-core": "1.51.1" + }, + "bin": { + "playwright": "cli.js" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "fsevents": "2.3.2" + } + }, + "node_modules/playwright-core": { + "version": "1.51.1", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz", + "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "playwright-core": "cli.js" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/undici-types": { + "version": "6.20.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz", + "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==", + "dev": true, + "license": "MIT" + } + } +} diff --git a/php/tests/package.json b/php/tests/package.json new file mode 100644 index 00000000..ebfa99ec --- /dev/null +++ b/php/tests/package.json @@ -0,0 +1,8 @@ +{ + "name": "nextcloud-aio-mastercontainer-tests", + "version": "1.0.0", + "license": "AGPL-3.0-or-later", + "devDependencies": { + "@playwright/test": "^1.51.1" + } +} diff --git a/php/tests/playwright.config.js b/php/tests/playwright.config.js new file mode 100644 index 00000000..191a7f59 --- /dev/null +++ b/php/tests/playwright.config.js @@ -0,0 +1,29 @@ +import { defineConfig, devices } from '@playwright/test' + +/** + * @see https://playwright.dev/docs/test-configuration + */ +export default defineConfig({ + testDir: './tests', + fullyParallel: false, + forbidOnly: !!process.env.CI, + retries: 0, + workers: 1, + reporter: [ + ['list'], + ['html'], + ], + use: { + baseURL: process.env.BASE_URL ?? 'http://localhost:8080', + trace: 'on', + }, + projects: [ + { + name: 'chromium', + use: { + ...devices['Desktop Chrome'], + ignoreHTTPSErrors: true, + }, + }, + ], +}) diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js new file mode 100644 index 00000000..6e990767 --- /dev/null +++ b/php/tests/tests/initial-setup.spec.js @@ -0,0 +1,95 @@ +import { test, expect } from '@playwright/test'; +import { writeFileSync } from 'node:fs' + +test('Initial setup', async ({ page: setupPage }) => { + test.setTimeout(10 * 60 * 1000) + + // Extract initial password + await setupPage.goto('./setup'); + const password = await setupPage.locator('#initial-password').innerText() + const containersPagePromise = setupPage.waitForEvent('popup'); + await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click(); + const containersPage = await containersPagePromise; + + // Log in and wait for redirect + await containersPage.locator('#master-password').click(); + await containersPage.locator('#master-password').fill(password); + await containersPage.getByRole('button', { name: 'Log in' }).click(); + await containersPage.waitForURL('./containers'); + + // Reject IP addresses + await containersPage.locator('#domain').click(); + await containersPage.locator('#domain').fill('1.1.1.1'); + await containersPage.getByRole('button', { name: 'Submit domain' }).click(); + await expect(containersPage.locator('body')).toContainText('Please enter a domain and not an IP-address!'); + + // Accept example.com (requires disabled domain validation) + await containersPage.locator('#domain').click(); + await containersPage.locator('#domain').fill('example.com'); + await containersPage.getByRole('button', { name: 'Submit domain' }).click(); + + // Disable all additional containers + await containersPage.locator('#talk').uncheck(); + await containersPage.getByRole('checkbox', { name: 'Whiteboard' }).uncheck(); + await containersPage.getByRole('checkbox', { name: 'Imaginary' }).uncheck(); + await containersPage.getByRole('checkbox', { name: 'Collabora' }).uncheck(); + await containersPage.getByRole('button', { name: 'Save changes' }).click(); + await expect(containersPage.locator('#talk')).not.toBeChecked() + await expect(containersPage.getByRole('checkbox', { name: 'Whiteboard' })).not.toBeChecked() + await expect(containersPage.getByRole('checkbox', { name: 'Imaginary' })).not.toBeChecked() + await expect(containersPage.getByRole('checkbox', { name: 'Collabora' })).not.toBeChecked() + + // Reject invalid time zones + await containersPage.locator('#timezone').click(); + await containersPage.locator('#timezone').fill('Invalid time zone'); + containersPage.once('dialog', dialog => { + console.log(`Dialog message: ${dialog.message()}`) + dialog.accept() + }); + await containersPage.getByRole('button', { name: 'Submit timezone' }).click(); + await expect(containersPage.locator('body')).toContainText('The entered timezone does not seem to be a valid timezone!') + + // Accept valid time zone + await containersPage.locator('#timezone').click(); + await containersPage.locator('#timezone').fill('Europe/Berlin'); + containersPage.once('dialog', dialog => { + console.log(`Dialog message: ${dialog.message()}`) + dialog.accept() + }); + await containersPage.getByRole('button', { name: 'Submit timezone' }).click(); + + // Start containers and wait for starting message + await containersPage.getByRole('button', { name: 'Download and start containers' }).click(); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 }); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com'); + + // Extract initial nextcloud password + await expect(containersPage.getByRole('main')).toContainText('Initial Nextcloud password:') + const initialNextcloudPassword = await containersPage.locator('#initial-nextcloud-password').innerText(); + + // Set backup location and create backup + const borgBackupLocation = `/mnt/test/aio-${Math.floor(Math.random() * 2147483647)}` + await containersPage.locator('#borg_backup_host_location').click(); + await containersPage.locator('#borg_backup_host_location').fill(borgBackupLocation); + await containersPage.getByRole('button', { name: 'Submit backup location' }).click(); + containersPage.once('dialog', dialog => { + console.log(`Dialog message: ${dialog.message()}`) + dialog.accept() + }); + await containersPage.getByRole('button', { name: 'Create backup' }).click(); + await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 3 * 60 * 1000 }); + await expect(containersPage.getByRole('main')).toContainText('Last backup successful on', { timeout: 3 * 60 * 1000 }); + await containersPage.getByText('Click here to reveal all backup options').click(); + await expect(containersPage.locator('#borg-backup-password')).toBeVisible(); + const borgBackupPassword = await containersPage.locator('#borg-backup-password').innerText(); + + // Assert that all containers are stopped + await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible(); + + // Save passwords for restore backup test + writeFileSync('test_data.json', JSON.stringify({ + initialNextcloudPassword, + borgBackupLocation, + borgBackupPassword, + })) +}); diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js new file mode 100644 index 00000000..fef4ec01 --- /dev/null +++ b/php/tests/tests/restore-instance.spec.js @@ -0,0 +1,79 @@ +import { test, expect } from '@playwright/test'; +import { readFileSync } from 'node:fs'; + +test('Restore instance', async ({ page: setupPage }) => { + test.setTimeout(10 * 60 * 1000) + + // Load passwords from previous test + const { + initialNextcloudPassword, + borgBackupLocation, + borgBackupPassword, + } = JSON.parse(readFileSync('test_data.json')) + + // Extract initial password + await setupPage.goto('./setup'); + const password = await setupPage.locator('#initial-password').innerText() + const containersPagePromise = setupPage.waitForEvent('popup'); + await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click(); + const containersPage = await containersPagePromise; + + // Log in and wait for redirect + await containersPage.locator('#master-password').click(); + await containersPage.locator('#master-password').fill(password); + await containersPage.getByRole('button', { name: 'Log in' }).click(); + await containersPage.waitForURL('./containers'); + + // Reject example.com (requires enabled domain validation) + await containersPage.locator('#domain').click(); + await containersPage.locator('#domain').fill('example.com'); + await containersPage.getByRole('button', { name: 'Submit domain' }).click(); + await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.'); + + // Reject invalid backup location + await containersPage.locator('#borg_restore_host_location').click(); + await containersPage.locator('#borg_restore_host_location').fill('/mnt/foobar'); + await containersPage.locator('#borg_restore_password').click(); + await containersPage.locator('#borg_restore_password').fill('foobar'); + await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click() + await containersPage.getByRole('button', { name: 'Test path and encryption' }).click(); + await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 }); + + // Reject invalid backup password + await containersPage.locator('#borg_restore_host_location').click(); + await containersPage.locator('#borg_restore_host_location').fill('/mnt/backup'); + await containersPage.locator('#borg_restore_password').click(); + await containersPage.locator('#borg_restore_password').fill('foobar'); + await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click() + await containersPage.getByRole('button', { name: 'Test path and encryption' }).click(); + await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 }); + + // Accept correct backup location and password + await containersPage.locator('#borg_restore_host_location').click(); + await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation); + await containersPage.locator('#borg_restore_password').click(); + await containersPage.locator('#borg_restore_password').fill(borgBackupPassword); + await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click() + await containersPage.getByRole('button', { name: 'Test path and encryption' }).click(); + + // Check integrity and restore backup + await containersPage.getByRole('button', { name: 'Check backup integrity' }).click(); + await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 }); + await containersPage.getByRole('button', { name: 'Restore selected backup' }).click(); + await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:'); + + // Verify a successful backup restore + await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 }); + await expect(containersPage.getByRole('main')).toContainText('⚠️ Container updates are available. Click on Stop containers and Start and update containers to update them. You should consider creating a backup first.'); + containersPage.once('dialog', dialog => { + console.log(`Dialog message: ${dialog.message()}`) + dialog.accept() + }); + await containersPage.getByRole('button', { name: 'Start and update containers' }).click(); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 }); + await expect(containersPage.getByRole('main')).toContainText(initialNextcloudPassword); + + // Verify that containers are all stopped + await containersPage.getByRole('button', { name: 'Stop containers' }).click(); + await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible({ timeout: 60 * 1000 }); +}); \ No newline at end of file From c1b60f9a514dcce6f9e942979f4509e5a1f7aa9b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 12:12:57 +0100 Subject: [PATCH 0152/1064] Dockerfile: remove tests subfolder Signed-off-by: Simon L. --- Containers/mastercontainer/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index dca0a070..41fbae75 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -66,6 +66,7 @@ RUN set -ex; \ cd /var/www/docker-aio; \ git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \ find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \ + rm -r ./php/test; \ chown www-data:www-data -R /var/www/docker-aio; \ cd php; \ sudo -u www-data composer install --no-dev; \ From f876b23c0b057c37489c8783789854677422e239 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 12:23:33 +0100 Subject: [PATCH 0153/1064] develop.md: add note how to run E2EE tests Signed-off-by: Simon L. --- develop.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/develop.md b/develop.md index 08aa9e8a..133185a6 100644 --- a/develop.md +++ b/develop.md @@ -27,6 +27,8 @@ Before testing, make sure that at least the amd64 containers are built successfu There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details. +Additionally, there are now E2EE tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml + ## How to promote builds from develop to beta 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`. From 6d1f1c1aeb9d46919db697c4fb0d2c1fc8409a57 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 12:36:57 +0100 Subject: [PATCH 0154/1064] nextcloud: update to 30.0.8 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 0f86cde2..f9332b35 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.7 +ENV NEXTCLOUD_VERSION=30.0.8 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From b1f2d6f6912ff3427eca4ddfed68f47c9fdd3173 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 12:42:03 +0100 Subject: [PATCH 0155/1064] increase to 10.9.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 96623fc4..b1f1901c 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.8.0

    +

    Nextcloud AIO v10.9.0

    {# Add 2nd tab warning #} From 8ddd123568e8df71e6184ae0d75bd530253ce3e7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 12:45:05 +0100 Subject: [PATCH 0156/1064] fix removing tests from aio-interface Signed-off-by: Simon L. --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 41fbae75..40204b72 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -66,7 +66,7 @@ RUN set -ex; \ cd /var/www/docker-aio; \ git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \ find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \ - rm -r ./php/test; \ + rm -r ./php/tests; \ chown www-data:www-data -R /var/www/docker-aio; \ cd php; \ sudo -u www-data composer install --no-dev; \ From 7eabc593289cf2410bcbcf131bb138ee06139542 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 13:08:54 +0100 Subject: [PATCH 0157/1064] adjust some details to actually do what the test is intended to do Signed-off-by: Simon L. --- php/tests/tests/restore-instance.spec.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index fef4ec01..189acd0e 100644 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -32,16 +32,16 @@ test('Restore instance', async ({ page: setupPage }) => { // Reject invalid backup location await containersPage.locator('#borg_restore_host_location').click(); - await containersPage.locator('#borg_restore_host_location').fill('/mnt/foobar'); + await containersPage.locator('#borg_restore_host_location').fill('/mnt/test/aio-incorrect-path'); await containersPage.locator('#borg_restore_password').click(); - await containersPage.locator('#borg_restore_password').fill('foobar'); + await containersPage.locator('#borg_restore_password').fill(borgBackupPassword); await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click() await containersPage.getByRole('button', { name: 'Test path and encryption' }).click(); await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 }); // Reject invalid backup password await containersPage.locator('#borg_restore_host_location').click(); - await containersPage.locator('#borg_restore_host_location').fill('/mnt/backup'); + await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation); await containersPage.locator('#borg_restore_password').click(); await containersPage.locator('#borg_restore_password').fill('foobar'); await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click() From 0ed524baba7449c38d6732d7dd502a0648f3d825 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 13:13:09 +0100 Subject: [PATCH 0158/1064] modify two details in initial-setup test Signed-off-by: Simon L. --- php/tests/tests/initial-setup.spec.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js index 6e990767..ca8bc077 100644 --- a/php/tests/tests/initial-setup.spec.js +++ b/php/tests/tests/initial-setup.spec.js @@ -60,7 +60,8 @@ test('Initial setup', async ({ page: setupPage }) => { // Start containers and wait for starting message await containersPage.getByRole('button', { name: 'Download and start containers' }).click(); - await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 }); + await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 }); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 }); await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com'); // Extract initial nextcloud password From 6b9e68d55f6559a2a3f067d62e3983121dbbe968 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 13:19:49 +0100 Subject: [PATCH 0159/1064] fix typo Signed-off-by: Simon L. --- develop.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/develop.md b/develop.md index 133185a6..8bb21a2f 100644 --- a/develop.md +++ b/develop.md @@ -27,7 +27,7 @@ Before testing, make sure that at least the amd64 containers are built successfu There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details. -Additionally, there are now E2EE tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml +Additionally, there are now E2E tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml ## How to promote builds from develop to beta 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml From 91e99dcba9fa235b7dd7396b0c8d3aefc4a92add Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 17:30:49 +0100 Subject: [PATCH 0160/1064] Update develop.md Signed-off-by: Simon L. --- develop.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/develop.md b/develop.md index 8bb21a2f..a35a521c 100644 --- a/develop.md +++ b/develop.md @@ -19,6 +19,9 @@ It will now also select the developer channel for all other containers automatic ## How to publish new releases? Simply use https://github.com/nextcloud/all-in-one/issues/180 as template. +## How to update existing instances to a new major Nextcloud version? +Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template. + ## How to build new containers Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`. From b9a04858ca1e8fcc4c7fd2783df9e9c80148ba82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 04:25:41 +0000 Subject: [PATCH 0161/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.1.5-alpine to 3.1.6-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 79bd22ac..a01a7485 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.5-alpine +FROM haproxy:3.1.6-alpine # hadolint ignore=DL3002 USER root From 9b8a9de56586408659daecf0dde1ad64abba61dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 04:26:03 +0000 Subject: [PATCH 0162/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.0.1-cli to 28.0.2-cli. --- updated-dependencies: - dependency-name: docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 40204b72..12e4aaa2 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.0.1-cli AS docker +FROM docker:28.0.2-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy From 4c14fa9b131f019f57a4506ac118a78cdcee35b7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 21 Mar 2025 10:06:41 +0100 Subject: [PATCH 0163/1064] nextcloud: adjust `default_socket_timeout` to `${PHP_MAX_TIME}` in order to make it configurable Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index f9332b35..4ee8d0e2 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -142,7 +142,7 @@ RUN set -ex; \ echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ echo 'max_execution_time=${PHP_MAX_TIME}'; \ echo 'max_input_time=${PHP_MAX_TIME}'; \ - echo 'default_socket_timeout=600'; \ + echo 'default_socket_timeout=${PHP_MAX_TIME}'; \ } > /usr/local/etc/php/conf.d/nextcloud.ini; \ \ { \ From 167c2dc38979a7ba8a6eda2ef7092ca751e1492f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 21 Mar 2025 12:03:18 +0000 Subject: [PATCH 0164/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index c16aee79..3d104f43 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -341,7 +341,7 @@ services: init: false healthcheck: start_period: 60s - test: clamdcheck.sh + test: /healthcheck.sh interval: 30s timeout: 30s start_interval: 5s @@ -351,7 +351,6 @@ services: environment: - TZ=${TIMEZONE} - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT} - - CLAMD_STARTUP_TIMEOUT=90 volumes: - nextcloud_aio_clamav:/var/lib/clamav:rw restart: unless-stopped @@ -359,9 +358,11 @@ services: - clamav read_only: true tmpfs: - - /var/lock - - /var/log/clamav - /tmp + - /var/log/clamav + - /run/clamav + - /var/log/supervisord + - /var/run/supervisord cap_drop: - NET_RAW From 348a08a720c5785ee03d8c0189af0d4ebc413c6b Mon Sep 17 00:00:00 2001 From: Oleksander Piskun Date: Fri, 21 Mar 2025 18:45:00 +0200 Subject: [PATCH 0165/1064] more strict rules for the container creation Signed-off-by: Oleksander Piskun --- Containers/docker-socket-proxy/haproxy.cfg | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg index 601b465f..defccda5 100644 --- a/Containers/docker-socket-proxy/haproxy.cfg +++ b/Containers/docker-socket-proxy/haproxy.cfg @@ -13,7 +13,7 @@ frontend http bind :::2375 v4v6 http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER } # docker system _ping - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET # container inspect: GET containers/%s/json http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET # container inspect: GET containers/%s/logs @@ -38,19 +38,19 @@ frontend http # ACL to deny if there are any binds acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:" # ACL to restrict the type of Mounts to volume - acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]" + acl type_not_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[[^\]]*(\"Type\"\s*:\s*\"(?!volume\b)\w+\"[^\]]*)+\]" http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST - # ACL to restrict container creation, that it has HostConfig.Privileged not set - acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\"" + # ACL to restrict container creation, that it has HostConfig.Privileged(by searching for "Privileged" word in all payload) + acl no_privileged_flag req.body -m reg -i "\"Privileged\"" # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data - acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\"" + acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*{[^}]*\"Source\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\"" http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST # end of container create # volume create: POST volumes/create # restrict name - acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\"" + acl nc_app_volume_data req.body -m reg -i "\"Name\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\"" # do not allow to use "device" word e.g., "--opt device=:/path/to/dir" acl volume_no_device req.body -m reg -i "\"device\"" http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST From 4669ad430c84467a42d6df6f1de43a5777d01706 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 20 Mar 2025 16:36:21 +0100 Subject: [PATCH 0166/1064] helm: allow to set the skeleton directory Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 7 +++++++ nextcloud-aio-helm-chart/update-helm.sh | 3 +++ 2 files changed, 10 insertions(+) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index e8992086..e84636dc 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -535,6 +535,13 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https: php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log" php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log" php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater" +if [ -n "$NEXTCLOUD_SKELETON_DIRECTORY" ]; then + if [ "$NEXTCLOUD_SKELETON_DIRECTORY" = "empty" ]; then + php /var/www/html/occ config:system:set skeletondirectory --value="" + else + php /var/www/html/occ config:system:set skeletondirectory --value="$NEXTCLOUD_SKELETON_DIRECTORY" + fi +fi if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN" fi diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 3c976773..5ac19095 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -302,6 +302,8 @@ cat << EOL > /tmp/additional.config value: "{{ .Values.SERVERINFO_TOKEN }}" - name: NEXTCLOUD_DEFAULT_QUOTA value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}" + - name: NEXTCLOUD_SKELETON_DIRECTORY + value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}" - name: NEXTCLOUD_MAINTENANCE_WINDOW value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}" EOL @@ -414,6 +416,7 @@ APPS_ALLOWLIST: # This allows to configure allowed apps that will be show ADDITIONAL_TRUSTED_PROXY: # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here. ADDITIONAL_TRUSTED_DOMAIN: # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it NEXTCLOUD_DEFAULT_QUOTA: "10 GB" # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited +NEXTCLOUD_SKELETON_DIRECTORY: # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud. NEXTCLOUD_MAINTENANCE_WINDOW: # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values SMTP_HOST: # (empty by default): The hostname of the SMTP server. SMTP_SECURE: # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS. From 630a0dc6aa6412a260030e2449fa14c6acc833a3 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Mar 2025 14:57:39 +0100 Subject: [PATCH 0167/1064] database-import: update logic to consider wrong lin endings Signed-off-by: Simon L. --- Containers/postgresql/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh index 10e46550..dbb74196 100644 --- a/Containers/postgresql/start.sh +++ b/Containers/postgresql/start.sh @@ -99,7 +99,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO fi # Get the Owner - DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')" + DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s|[[:space:]]||g')" if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER" echo "It is not possible to import a database dump from this database owner." From 5d090018f98c19b353d7e68ef15423ba0cc1be19 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 09:13:06 +0100 Subject: [PATCH 0168/1064] move images to ghcr.io Signed-off-by: Simon L. --- .github/workflows/playwright.yml | 6 ++--- .github/workflows/update-helm.yml | 3 ++- Containers/mastercontainer/start.sh | 6 ++--- develop.md | 2 +- php/containers.json | 34 +++++++++++++------------- php/src/Docker/DockerActionManager.php | 30 +++++++++++++++++++++-- 6 files changed, 54 insertions(+), 27 deletions(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index dfa6ad7e..67653783 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -29,7 +29,7 @@ jobs: run: | docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true - docker pull nextcloud/all-in-one:develop + docker pull ghcr.io/nextcloud-releases/all-in-one:develop docker run \ -d \ --init \ @@ -40,7 +40,7 @@ jobs: --volume /var/run/docker.sock:/var/run/docker.sock:ro \ --env SKIP_DOMAIN_VALIDATION=true \ --env APACHE_PORT=11000 \ - nextcloud/all-in-one:develop + ghcr.io/nextcloud-releases/all-in-one:develop echo Waiting for 10 seconds for the development container to start ... sleep 10 @@ -61,7 +61,7 @@ jobs: --volume /var/run/docker.sock:/var/run/docker.sock:ro \ --env SKIP_DOMAIN_VALIDATION=false \ --env APACHE_PORT=11000 \ - nextcloud/all-in-one:develop + ghcr.io/nextcloud-releases/all-in-one:develop echo Waiting for 10 seconds for the development container to start ... sleep 10 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 3065c4a9..83c35135 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -14,7 +14,8 @@ jobs: uses: actions/checkout@v4 - name: update helm chart run: | - DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')" + DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index bca074ae..1a455626 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -283,10 +283,10 @@ if [ "$?" = 6 ]; then exit 1 fi -# Check if auth.docker.io is reachable +# Check if ghcr.io is reachable # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 -if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then - print_red "Could not reach https://auth.docker.io." +if ! curl https://ghcr.io 2>&1; then + print_red "Could not reach https://ghcr.io." echo "Most likely is something blocking access to it." echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install" exit 1 diff --git a/develop.md b/develop.md index a35a521c..6f84b2d4 100644 --- a/develop.md +++ b/develop.md @@ -11,7 +11,7 @@ sudo docker run \ --publish 8443:8443 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ -nextcloud/all-in-one:develop +ghcr.io/nextcloud-releases/all-in-one:develop ``` And you are done :) It will now also select the developer channel for all other containers automatically. diff --git a/php/containers.json b/php/containers.json index 4f218af2..d87fe9ca 100644 --- a/php/containers.json +++ b/php/containers.json @@ -13,7 +13,7 @@ "nextcloud-aio-whiteboard" ], "display_name": "Apache", - "image": "nextcloud/aio-apache", + "image": "ghcr.io/nextcloud-releases/aio-apache", "user": "33", "init": true, "healthcheck": { @@ -84,7 +84,7 @@ "container_name": "nextcloud-aio-database", "image_tag": "%AIO_CHANNEL%", "display_name": "Database", - "image": "nextcloud/aio-postgresql", + "image": "ghcr.io/nextcloud-releases/aio-postgresql", "user": "999", "init": true, "healthcheck": { @@ -149,7 +149,7 @@ "nextcloud-aio-docker-socket-proxy" ], "display_name": "Nextcloud", - "image": "nextcloud/aio-nextcloud", + "image": "ghcr.io/nextcloud-releases/aio-nextcloud", "init": true, "healthcheck": { "start_period": "0s", @@ -271,7 +271,7 @@ "container_name": "nextcloud-aio-notify-push", "image_tag": "%AIO_CHANNEL%", "display_name": "Notify Push", - "image": "nextcloud/aio-notify-push", + "image": "ghcr.io/nextcloud-releases/aio-notify-push", "user": "33", "init": true, "healthcheck": { @@ -319,7 +319,7 @@ "container_name": "nextcloud-aio-redis", "image_tag": "%AIO_CHANNEL%", "display_name": "Redis", - "image": "nextcloud/aio-redis", + "image": "ghcr.io/nextcloud-releases/aio-redis", "user": "999", "init": true, "healthcheck": { @@ -361,7 +361,7 @@ "image_tag": "%AIO_CHANNEL%", "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358", "display_name": "Collabora", - "image": "nextcloud/aio-collabora", + "image": "ghcr.io/nextcloud-releases/aio-collabora", "init": true, "healthcheck": { "start_period": "60s", @@ -404,7 +404,7 @@ "image_tag": "%AIO_CHANNEL%", "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358", "display_name": "Talk", - "image": "nextcloud/aio-talk", + "image": "ghcr.io/nextcloud-releases/aio-talk", "user": "1000", "init": true, "healthcheck": { @@ -466,7 +466,7 @@ "container_name": "nextcloud-aio-talk-recording", "image_tag": "%AIO_CHANNEL%", "display_name": "Talk Recording", - "image": "nextcloud/aio-talk-recording", + "image": "ghcr.io/nextcloud-releases/aio-talk-recording", "user": "122", "init": true, "healthcheck": { @@ -518,7 +518,7 @@ { "container_name": "nextcloud-aio-borgbackup", "image_tag": "%AIO_CHANNEL%", - "image": "nextcloud/aio-borgbackup", + "image": "ghcr.io/nextcloud-releases/aio-borgbackup", "init": true, "environment": [ "BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%", @@ -586,7 +586,7 @@ { "container_name": "nextcloud-aio-watchtower", "image_tag": "%AIO_CHANNEL%", - "image": "nextcloud/aio-watchtower", + "image": "ghcr.io/nextcloud-releases/aio-watchtower", "init": true, "environment": [ "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer" @@ -606,7 +606,7 @@ { "container_name": "nextcloud-aio-domaincheck", "image_tag": "%AIO_CHANNEL%", - "image": "nextcloud/aio-domaincheck", + "image": "ghcr.io/nextcloud-releases/aio-domaincheck", "init": true, "ports": [ { @@ -637,7 +637,7 @@ "container_name": "nextcloud-aio-clamav", "image_tag": "%AIO_CHANNEL%", "display_name": "ClamAV", - "image": "nextcloud/aio-clamav", + "image": "ghcr.io/nextcloud-releases/aio-clamav", "user": "100", "init": false, "healthcheck": { @@ -683,7 +683,7 @@ "container_name": "nextcloud-aio-onlyoffice", "image_tag": "%AIO_CHANNEL%", "display_name": "OnlyOffice", - "image": "nextcloud/aio-onlyoffice", + "image": "ghcr.io/nextcloud-releases/aio-onlyoffice", "init": true, "healthcheck": { "start_period": "60s", @@ -729,7 +729,7 @@ "container_name": "nextcloud-aio-imaginary", "image_tag": "%AIO_CHANNEL%", "display_name": "Imaginary", - "image": "nextcloud/aio-imaginary", + "image": "ghcr.io/nextcloud-releases/aio-imaginary", "user": "65534", "init": true, "healthcheck": { @@ -771,7 +771,7 @@ "image_tag": "%AIO_CHANNEL%", "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709", "display_name": "Fulltextsearch", - "image": "nextcloud/aio-fulltextsearch", + "image": "ghcr.io/nextcloud-releases/aio-fulltextsearch", "init": false, "healthcheck": { "start_period": "60s", @@ -819,7 +819,7 @@ "container_name": "nextcloud-aio-docker-socket-proxy", "image_tag": "%AIO_CHANNEL%", "display_name": "Docker Socket Proxy", - "image": "nextcloud/aio-docker-socket-proxy", + "image": "ghcr.io/nextcloud-releases/aio-docker-socket-proxy", "init": true, "internal_port": "2375", "environment": [ @@ -845,7 +845,7 @@ "container_name": "nextcloud-aio-whiteboard", "image_tag": "%AIO_CHANNEL%", "display_name": "Whiteboard", - "image": "nextcloud/aio-whiteboard", + "image": "ghcr.io/nextcloud-releases/aio-whiteboard", "user": "65534", "init": true, "healthcheck": { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 643b0f0e..bbcd4b77 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -742,6 +742,33 @@ readonly class DockerActionManager { } } + private function GetCurrentImageName(): string { + $cacheKey = 'aio-image-name'; + $imageName = apcu_fetch($cacheKey); + if ($imageName !== false && is_string($imageName)) { + return $imageName; + } + + $containerName = 'nextcloud-aio-mastercontainer'; + $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName)); + try { + $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true); + $imageNameArray = explode(':', $output['Config']['Image']); + if (count($imageNameArray) === 2) { + $imageName = $imageNameArray[0]; + } else { + error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']); + $imageName = $output['Config']['Image']; + } + apcu_add($cacheKey, $imageName); + return $imageName; + } catch (\Exception $e) { + error_log('Could not get current imageName ' . $e->getMessage()); + } + + return 'nextcloud/all-in-one'; + } + public function GetCurrentChannel(): string { $cacheKey = 'aio-ChannelName'; $channelName = apcu_fetch($cacheKey); @@ -753,7 +780,6 @@ readonly class DockerActionManager { $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName)); try { $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true); - $containerChecksum = $output['Image']; $tagArray = explode(':', $output['Config']['Image']); if (count($tagArray) === 2) { $tag = $tagArray[1]; @@ -771,7 +797,7 @@ readonly class DockerActionManager { } public function IsMastercontainerUpdateAvailable(): bool { - $imageName = 'nextcloud/all-in-one'; + $imageName = $this->GetCurrentImageName(); $containerName = 'nextcloud-aio-mastercontainer'; $tag = $this->GetCurrentChannel(); From ac2c97a08ee41b539785f31815bddb4c37cec6c4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 10:45:35 +0100 Subject: [PATCH 0169/1064] Revert changes to helm-chart updates Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 83c35135..3065c4a9 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -14,8 +14,7 @@ jobs: uses: actions/checkout@v4 - name: update helm chart run: | - GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')" - DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" From 7f76f622e13661f8b2a86d6317a0f8223c5534ea Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 25 Mar 2025 09:46:29 +0000 Subject: [PATCH 0170/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 8 +++----- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 16 insertions(+), 18 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index a1bdc687..a9de2ae8 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.7.0 +version: 10.9.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 8c67e748..b4e9e01c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: nextcloud/aio-apache:20250306_093458 + image: nextcloud/aio-apache:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 8ed76d31..e1921203 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -55,17 +55,15 @@ spec: {{- end }} containers: - env: - - name: CLAMD_STARTUP_TIMEOUT - value: "90" - name: MAX_SIZE value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20250306_093458 + image: nextcloud/aio-clamav:20250325_084656 readinessProbe: exec: command: - - clamdcheck.sh + - /healthcheck.sh failureThreshold: 9 initialDelaySeconds: 60 periodSeconds: 30 @@ -73,7 +71,7 @@ spec: livenessProbe: exec: command: - - clamdcheck.sh + - /healthcheck.sh failureThreshold: 9 initialDelaySeconds: 60 periodSeconds: 30 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 08140b21..38d34bd0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20250306_093458 + image: nextcloud/aio-collabora:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index b96ddbb1..4d400202 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20250306_093458 + image: nextcloud/aio-postgresql:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 3df053ec..0de772be 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20250306_093458 + image: nextcloud/aio-fulltextsearch:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index ed389199..5c922d36 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20250306_093458 + image: nextcloud/aio-imaginary:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index d2bd1318..496cfed1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -180,7 +180,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: nextcloud/aio-nextcloud:20250306_093458 + image: nextcloud/aio-nextcloud:20250325_084656 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index baab420b..b02d5d85 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-notify-push:20250306_093458 + image: nextcloud/aio-notify-push:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c04fd568..2a9db83a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20250306_093458 + image: nextcloud/aio-onlyoffice:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index e7a757fb..439ab944 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20250306_093458 + image: nextcloud/aio-redis:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index e379d8f2..755a2f6a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20250306_093458 + image: nextcloud/aio-talk:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 920cae8c..1967ff34 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20250306_093458 + image: nextcloud/aio-talk-recording:20250325_084656 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index c6b25598..7d51f181 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-whiteboard:20250306_093458 + image: nextcloud/aio-whiteboard:20250325_084656 readinessProbe: exec: command: From c65eb16a151099f34da46602264baa0bf8335b35 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 10:47:12 +0100 Subject: [PATCH 0171/1064] Revert "Revert changes to helm-chart updates" This reverts commit ac2c97a08ee41b539785f31815bddb4c37cec6c4. --- .github/workflows/update-helm.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 3065c4a9..83c35135 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -14,7 +14,8 @@ jobs: uses: actions/checkout@v4 - name: update helm chart run: | - DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')" + DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" From a4fa22ec221c53253bee620f8077b0d1ae5a053d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 10:49:03 +0100 Subject: [PATCH 0172/1064] increase to 10.10.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index b1f1901c..ce8a59cb 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.9.0

    +

    Nextcloud AIO v10.10.0

    {# Add 2nd tab warning #} From 13e9829a850ae27258b7e05f54849a3d33371cdb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 11:01:42 +0100 Subject: [PATCH 0173/1064] fix detail Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 1a455626..dff289d3 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -285,7 +285,7 @@ fi # Check if ghcr.io is reachable # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 -if ! curl https://ghcr.io 2>&1; then +if ! curl https://ghcr.io &>/dev/null; then print_red "Could not reach https://ghcr.io." echo "Most likely is something blocking access to it." echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install" From f7183b8d32b57cdd873b84c52d7c815503398e3d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 12:13:31 +0100 Subject: [PATCH 0174/1064] aio-interface: rename `isDockerHubReachable` to `isRegistryReachable` Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 6 +++--- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ee439824..6c55b3da 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -41,12 +41,12 @@ readonly class DockerController { } } - // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down + // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down // and try to mitigate issues that are arising due to that if ($pullImage) { - if (!$this->dockerActionManager->isDockerHubReachable($container)) { + if (!$this->dockerActionManager->isRegistryReachable($container)) { $pullImage = false; - error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.'); + error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.'); } } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index bbcd4b77..71242d92 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -599,7 +599,7 @@ readonly class DockerActionManager { } - public function isDockerHubReachable(Container $container): bool { + public function isRegistryReachable(Container $container): bool { $tag = $container->GetImageTag(); if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); From 328a85511f1bbbfc954e27da944e5dc5d0eb321c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 09:08:01 +0100 Subject: [PATCH 0175/1064] docs: nextcloud/all-in-one moved to ghcr.io Signed-off-by: Simon L. --- community-containers/readme.md | 2 +- compose.yaml | 2 +- manual-upgrade.md | 4 ++-- multiple-instances.md | 2 +- php/README.md | 2 +- readme.md | 44 +++++++++++++++++----------------- reverse-proxy.md | 10 ++++---- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/community-containers/readme.md b/community-containers/readme.md index 0c82d6fe..07ba7602 100644 --- a/community-containers/readme.md +++ b/community-containers/readme.md @@ -7,7 +7,7 @@ All containers that are in this directory are community maintained so the respon ## How to use this? Before adding any additional container, make sure to create a backup via the AIO interface! -Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. +Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. ## How to add containers? Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json. diff --git a/compose.yaml b/compose.yaml index a72fbf50..a2836446 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,6 +1,6 @@ services: nextcloud-aio-mastercontainer: - image: nextcloud/all-in-one:latest + image: ghcr.io/nextcloud-releases/all-in-one:latest init: true restart: always container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly diff --git a/manual-upgrade.md b/manual-upgrade.md index 43aaebb2..c1478953 100644 --- a/manual-upgrade.md +++ b/manual-upgrade.md @@ -41,7 +41,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64` - - However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags) + - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) - Using nano and the arrow keys to navigate: - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit. 6. Next, stop and remove the current container: @@ -95,7 +95,7 @@ Make **note** of the version which is compatible, rounding down to 1 digit after ##### 5. Find the correct container version In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require. -However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags) +However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) ##### 6. Replace the container - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer diff --git a/multiple-instances.md b/multiple-instances.md index f98f867a..00386e1b 100644 --- a/multiple-instances.md +++ b/multiple-instances.md @@ -149,7 +149,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi --env TALK_PORT=3478 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ - nextcloud/all-in-one:latest + ghcr.io/nextcloud-releases/all-in-one:latest ``` The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM. diff --git a/php/README.md b/php/README.md index 29ade4ae..af824818 100644 --- a/php/README.md +++ b/php/README.md @@ -34,7 +34,7 @@ docker run \ --name nextcloud-aio-mastercontainer \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock \ -nextcloud/all-in-one:latest +ghcr.io/nextcloud-releases/all-in-one:latest ``` ### 4. Start your server diff --git a/readme.md b/readme.md index 0eb92033..6e3a215c 100644 --- a/readme.md +++ b/readme.md @@ -111,7 +111,7 @@ curl -fsSL https://get.docker.com | sudo sh --publish 8443:8443 \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ - nextcloud/all-in-one:latest + ghcr.io/nextcloud-releases/all-in-one:latest ```
    Explanation of the command @@ -126,7 +126,7 @@ curl -fsSL https://get.docker.com | sudo sh - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then. - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. - - `nextcloud/all-in-one:latest` This is the docker container image that is used. + - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
    @@ -331,7 +331,7 @@ Now that this is out of the way, the recommended way how to access Nextcloud loc Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole ### How to skip the domain validation? -If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). +If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others? It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running: @@ -344,7 +344,7 @@ Afterwards it should work.
    See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it ### What can I do to fix the internal or reserved ip-address error? -If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation. +If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation. ## Infrastructure @@ -377,7 +377,7 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa > [!WARNING] > Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it. -You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container. +You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container. - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696. - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"` @@ -408,7 +408,7 @@ You can move the whole docker library and all its files including all Nextcloud This should solve the problem. ### How to allow the Nextcloud container to access directories on the host? -By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. +By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. - Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`. - On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"` @@ -425,29 +425,29 @@ Be aware though that these locations will not be covered by the built-in backup > If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required. ### How to adjust the Talk port? -By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517 +By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517 ### How to adjust the upload limit for Nextcloud? -By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`. +By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`. ### How to adjust the max execution time for Nextcloud? -By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`. +By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`. ### How to adjust the PHP memory limit for Nextcloud? -By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`. +By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`. ### How to change the Nextcloud apps that are installed on the first startup? -You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`. +You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`. ### How to add OS packages permanently to the Nextcloud container? Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. ### How to add PHP extensions permanently to the Nextcloud container? Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well. +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well. ### What about the pdlib PHP extension for the facerecognition app? The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition. @@ -464,7 +464,7 @@ A list of supported device can be fond in [MESA 3D documentation](https://docs.m This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device. -In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. +In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. #### With proprietary drivers for Nvidia :warning: BETA @@ -476,19 +476,19 @@ In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` t This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime. -In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime. +In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime. If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2). ### How to keep disabled apps? -In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). +In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). > [!WARNING] > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example. ### How to trust user-defined Certification Authorities (CA)? For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization. -You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. +You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`. @@ -521,7 +521,7 @@ docker run ^ --publish 8443:8443 ^ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^ --volume //var/run/docker.sock:/var/run/docker.sock:ro ^ -nextcloud/all-in-one:latest +ghcr.io/nextcloud-releases/all-in-one:latest ``` Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. @@ -530,7 +530,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work. ### How to run AIO on Synology DSM -On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command. +On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command. > [!NOTE] > It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` @@ -576,7 +576,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. ### How to switch the channel? -You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa. +You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ### How to update the containers? If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. @@ -785,7 +785,7 @@ Be aware that this solution does not back up files and folders that are mounted Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order). ### How to adjust borgs retention policy? -The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out! +The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out! ### How to migrate from AIO to AIO? If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere. @@ -1037,7 +1037,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo > None of the option returns error codes. So you need to check for the correct result yourself. ### How to disable the backup section? -If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). +If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ## Addons diff --git a/reverse-proxy.md b/reverse-proxy.md index a2b00abd..5835b283 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -26,7 +26,7 @@ sudo docker run \ --env SKIP_DOMAIN_VALIDATION=false \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ -nextcloud/all-in-one:latest +ghcr.io/nextcloud-releases/all-in-one:latest ```
    @@ -45,7 +45,7 @@ nextcloud/all-in-one:latest - `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things). - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. -- `nextcloud/all-in-one:latest` This is the docker container image that is used. +- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
    @@ -231,7 +231,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it. You also need to adjust `` and `` to match your case. -1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened). +1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened). **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server. @@ -845,7 +845,7 @@ sudo docker run \ --env SKIP_DOMAIN_VALIDATION=false \ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ --volume /var/run/docker.sock:/var/run/docker.sock:ro \ -nextcloud/all-in-one:latest +ghcr.io/nextcloud-releases/all-in-one:latest ``` Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. @@ -873,7 +873,7 @@ docker run ^ --env SKIP_DOMAIN_VALIDATION=false ^ --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^ --volume //var/run/docker.sock:/var/run/docker.sock:ro ^ -nextcloud/all-in-one:latest +ghcr.io/nextcloud-releases/all-in-one:latest ``` Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. From 23d0fd0cef46676b5351416b0f55b54ac2b2362d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Mar 2025 15:15:21 +0100 Subject: [PATCH 0176/1064] move szaimens community containers to ghcr.io Signed-off-by: Simon L. --- community-containers/borgbackup-viewer/borgbackup-viewer.json | 2 +- community-containers/caddy/caddy.json | 2 +- community-containers/fail2ban/fail2ban.json | 2 +- community-containers/libretranslate/libretranslate.json | 2 +- community-containers/local-ai/local-ai.json | 2 +- community-containers/scrutiny/scrutiny.json | 2 +- community-containers/smbserver/smbserver.json | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json index 9b5c58e5..7f9bb0a0 100644 --- a/community-containers/borgbackup-viewer/borgbackup-viewer.json +++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json @@ -5,7 +5,7 @@ "image_tag": "v1", "display_name": "Borg Backup Viewer", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer", - "image": "szaimen/aio-borgbackup-viewer", + "image": "ghcr.io/szaimen/aio-borgbackup-viewer", "internal_port": "5801", "ports": [ { diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json index 47fef1db..d5f72cb8 100644 --- a/community-containers/caddy/caddy.json +++ b/community-containers/caddy/caddy.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-caddy", "display_name": "Caddy with geoblocking", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy", - "image": "szaimen/aio-caddy", + "image": "ghcr.io/szaimen/aio-caddy", "image_tag": "v2", "internal_port": "443", "restart": "unless-stopped", diff --git a/community-containers/fail2ban/fail2ban.json b/community-containers/fail2ban/fail2ban.json index dbc733d4..78bf0a85 100644 --- a/community-containers/fail2ban/fail2ban.json +++ b/community-containers/fail2ban/fail2ban.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-fail2ban", "display_name": "Fail2ban", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban", - "image": "szaimen/aio-fail2ban", + "image": "ghcr.io/szaimen/aio-fail2ban", "image_tag": "v1", "internal_port": "host", "restart": "unless-stopped", diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json index 80312a9a..98970db4 100644 --- a/community-containers/libretranslate/libretranslate.json +++ b/community-containers/libretranslate/libretranslate.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-libretranslate", "display_name": "LibreTranslate", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate", - "image": "szaimen/aio-libretranslate", + "image": "ghcr.io/szaimen/aio-libretranslate", "image_tag": "v1", "internal_port": "5000", "restart": "unless-stopped", diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json index 6242a3b9..8e2aedb3 100644 --- a/community-containers/local-ai/local-ai.json +++ b/community-containers/local-ai/local-ai.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-local-ai", "display_name": "Local AI", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai", - "image": "szaimen/aio-local-ai", + "image": "ghcr.io/szaimen/aio-local-ai", "image_tag": "v2", "internal_port": "8080", "restart": "unless-stopped", diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json index 7fe369c5..4b368291 100644 --- a/community-containers/scrutiny/scrutiny.json +++ b/community-containers/scrutiny/scrutiny.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-scrutiny", "display_name": "Scrutiny", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny", - "image": "szaimen/aio-scrutiny", + "image": "ghcr.io/szaimen/aio-scrutiny", "image_tag": "v1", "internal_port": "8000", "init": false, diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json index c6269134..d095eb7a 100644 --- a/community-containers/smbserver/smbserver.json +++ b/community-containers/smbserver/smbserver.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-smbserver", "display_name": "SMB-server", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver", - "image": "szaimen/aio-smbserver", + "image": "ghcr.io/szaimen/aio-smbserver", "image_tag": "v1", "internal_port": "5803", "restart": "unless-stopped", From 627c2d3192feba2f4ba562cb5f62e20ad0408aaa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Mar 2025 04:38:04 +0000 Subject: [PATCH 0177/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.17.3 to 8.17.4. --- updated-dependencies: - dependency-name: elasticsearch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 8cdaef6a..2299f0f5 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.17.3 +FROM elasticsearch:8.17.4 USER root From d3ac48f352340a928c903ee3fa176ec77547340a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 10:45:15 +0100 Subject: [PATCH 0178/1064] add a note to `NEXTCLOUD_TRUSTED_CACERTS_DIR` Signed-off-by: Simon L. --- readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/readme.md b/readme.md index 0eb92033..2b0f731a 100644 --- a/readme.md +++ b/readme.md @@ -486,6 +486,9 @@ In certain situations you might want to keep Nextcloud apps that are disabled in > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example. ### How to trust user-defined Certification Authorities (CA)? +> [!NOTE] +> Please note, that this feature is only intended to make LDAPS connections with self-signed certificates work. It will not make other interconnectivity between the different containers work, as they expect a valid publicly trusted certificate like one from Let's Encrypt. + For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization. You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. From 9e0f5b31d202930f64d7c76af40f5ceae398a700 Mon Sep 17 00:00:00 2001 From: Zoey Date: Wed, 26 Mar 2025 12:21:45 +0100 Subject: [PATCH 0179/1064] fix #6230 Signed-off-by: Zoey --- Containers/clamav/supervisord.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index 8f5c81a1..8f53856a 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 -command=freshclam --foreground --stdout --daemon +command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf [program:clamd] stdout_logfile=/dev/stdout From ca151e86ac2b40b34abdd601ac47eff0d4b8043e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 18:27:44 +0100 Subject: [PATCH 0180/1064] watchtower: install from github repo to fix some security issues Signed-off-by: Simon L. --- Containers/watchtower/Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 8bd5da34..a6940d40 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,14 +1,18 @@ # syntax=docker/dockerfile:latest -# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained -FROM containrrr/watchtower:1.7.1 AS watchtower +FROM golang:1.24.1-alpine3.21 AS go + +RUN set -ex; \ + apk add --no-cache \ + build-base; \ + go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b; FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache bash + apk add --no-cache bash ca-certificates tzdata -COPY --from=watchtower /watchtower /watchtower +COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower COPY --chmod=775 start.sh /start.sh From c5a9da8bb37c131cbbd2d71529345c7fc3123663 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 18:39:32 +0100 Subject: [PATCH 0181/1064] run apk upgrade everywhere Signed-off-by: Simon L. --- Containers/imaginary/Dockerfile | 3 ++- Containers/talk/Dockerfile | 1 + Containers/watchtower/Dockerfile | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 9d2fd11d..cb6dbbe5 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,9 +1,10 @@ # syntax=docker/dockerfile:latest FROM golang:1.24.1-alpine3.21 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ + apk upgrade --no-cache -a; \ apk add --no-cache \ vips-dev \ vips-magick \ diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 915b4789..00d2153f 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -7,6 +7,7 @@ FROM alpine:3.21.3 AS janus ARG JANUS_VERSION=v1.3.1 WORKDIR /src RUN set -ex; \ + apk upgrade --no-cache -a; \ apk add --no-cache \ ca-certificates \ git \ diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index a6940d40..aad4f935 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -2,6 +2,7 @@ FROM golang:1.24.1-alpine3.21 AS go RUN set -ex; \ + apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b; From 80920778fbc5a5cf08e279ab228b9bc1e3be0790 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 18:55:50 +0100 Subject: [PATCH 0182/1064] update update-helm with correct syntax Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 83c35135..0a97ee87 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -14,9 +14,11 @@ jobs: uses: actions/checkout@v4 - name: update helm chart run: | - GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')" + set -x + GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')" DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG + set +x if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi From 25c580bca370eaead5f1fad9d3842a9c49562dff Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 19:00:31 +0100 Subject: [PATCH 0183/1064] fix update-helm by removing spaces Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 0a97ee87..75aaceb5 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -16,7 +16,7 @@ jobs: run: | set -x GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')" - DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG set +x if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then From f415bba72b4e83e9c76524858d465035802c688e Mon Sep 17 00:00:00 2001 From: Zoey Date: Wed, 26 Mar 2025 21:28:05 +0100 Subject: [PATCH 0184/1064] link to borg logs while borg is running Not sure if mastercontainer is wanted, but I think it should link to borgs logs Signed-off-by: Zoey --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index ce8a59cb..42860e6d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -60,7 +60,7 @@ {% endfor %} {% if is_daily_backup_running == true %} -

    Daily backup currently running. (Logs)

    +

    Daily backup currently running. (Logs)

    {% if automatic_updates == true %}

    This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.

    {% if is_mastercontainer_update_available == true %} From 9a9ea694b2685d864aea5586b1d360bb72348e51 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 23:38:00 +0100 Subject: [PATCH 0185/1064] helm-chart: move alpine init-container image to containers folder Signed-off-by: Simon L. --- Containers/alpine/Dockerfile | 5 +++++ nextcloud-aio-helm-chart/update-helm.sh | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 Containers/alpine/Dockerfile diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile new file mode 100644 index 00000000..48f2b46a --- /dev/null +++ b/Containers/alpine/Dockerfile @@ -0,0 +1,5 @@ +# syntax=docker/dockerfile:latest +FROM alpine:3.21 + +RUN set -ex; \ + apk upgrade --no-cache -a diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 5ac19095..02a2c17d 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio cat << EOL > /tmp/initcontainers initContainers: - name: init-volumes - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" command: - chmod - "777" @@ -81,7 +81,7 @@ EOL cat << EOL > /tmp/initcontainers.database initContainers: - name: init-subpath - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" command: - mkdir - "-p" @@ -94,7 +94,7 @@ EOL cat << EOL > /tmp/initcontainers.clamav initContainers: - name: init-subpath - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" command: - mkdir - "-p" @@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" command: - chmod - "777" From 62b03a1de20f451f940117d15599a14be0e2d718 Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 27 Mar 2025 06:29:03 +0100 Subject: [PATCH 0186/1064] Apply suggestion Co-authored-by: Simon L. Signed-off-by: Zoey --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 42860e6d..66ebb121 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -60,7 +60,7 @@ {% endfor %} {% if is_daily_backup_running == true %} -

    Daily backup currently running. (Logs)

    +

    Daily backup currently running. (Mastercontainer logs) (Borg backup container logs)

    {% if automatic_updates == true %}

    This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.

    {% if is_mastercontainer_update_available == true %} From 0f92f8e40cbff12043b28b6f703319f619bc165a Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 27 Mar 2025 12:03:21 +0000 Subject: [PATCH 0187/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 3d104f43..a8bdb0be 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -19,7 +19,7 @@ services: nextcloud-aio-whiteboard: condition: service_started required: false - image: nextcloud/aio-apache:latest + image: ghcr.io/nextcloud-releases/aio-apache:latest user: "33" init: true healthcheck: @@ -60,7 +60,7 @@ services: - NET_RAW nextcloud-aio-database: - image: nextcloud/aio-postgresql:latest + image: ghcr.io/nextcloud-releases/aio-postgresql:latest user: "999" init: true healthcheck: @@ -110,7 +110,7 @@ services: nextcloud-aio-imaginary: condition: service_started required: false - image: nextcloud/aio-nextcloud:latest + image: ghcr.io/nextcloud-releases/aio-nextcloud:latest init: true healthcheck: start_period: 0s @@ -185,7 +185,7 @@ services: - NET_RAW nextcloud-aio-notify-push: - image: nextcloud/aio-notify-push:latest + image: ghcr.io/nextcloud-releases/aio-notify-push:latest user: "33" init: true healthcheck: @@ -216,7 +216,7 @@ services: - NET_RAW nextcloud-aio-redis: - image: nextcloud/aio-redis:latest + image: ghcr.io/nextcloud-releases/aio-redis:latest user: "999" init: true healthcheck: @@ -240,7 +240,7 @@ services: nextcloud-aio-collabora: command: ${ADDITIONAL_COLLABORA_OPTIONS} - image: nextcloud/aio-collabora:latest + image: ghcr.io/nextcloud-releases/aio-collabora:latest init: true healthcheck: start_period: 60s @@ -268,7 +268,7 @@ services: - NET_RAW nextcloud-aio-talk: - image: nextcloud/aio-talk:latest + image: ghcr.io/nextcloud-releases/aio-talk:latest user: "1000" init: true healthcheck: @@ -306,7 +306,7 @@ services: - NET_RAW nextcloud-aio-talk-recording: - image: nextcloud/aio-talk-recording:latest + image: ghcr.io/nextcloud-releases/aio-talk-recording:latest user: "122" init: true healthcheck: @@ -336,7 +336,7 @@ services: - NET_RAW nextcloud-aio-clamav: - image: nextcloud/aio-clamav:latest + image: ghcr.io/nextcloud-releases/aio-clamav:latest user: "100" init: false healthcheck: @@ -367,7 +367,7 @@ services: - NET_RAW nextcloud-aio-onlyoffice: - image: nextcloud/aio-onlyoffice:latest + image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest init: true healthcheck: start_period: 60s @@ -392,7 +392,7 @@ services: - NET_RAW nextcloud-aio-imaginary: - image: nextcloud/aio-imaginary:latest + image: ghcr.io/nextcloud-releases/aio-imaginary:latest user: "65534" init: true healthcheck: @@ -419,7 +419,7 @@ services: - /tmp nextcloud-aio-fulltextsearch: - image: nextcloud/aio-fulltextsearch:latest + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest init: false healthcheck: start_period: 60s @@ -450,7 +450,7 @@ services: - NET_RAW nextcloud-aio-whiteboard: - image: nextcloud/aio-whiteboard:latest + image: ghcr.io/nextcloud-releases/aio-whiteboard:latest user: "65534" init: true healthcheck: From 55f77ade815f524838e404d9b7a83e70a55a059b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 27 Mar 2025 12:12:18 +0000 Subject: [PATCH 0188/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 4ee8d0e2..7383256b 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -14,7 +14,7 @@ ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! # Define the commit hash for imagick as a variable -ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58 +ARG IMAGICK_COMMIT_HASH=ffa23eb0bc6796349dce12a984b3b70079e7bdd3 COPY --chmod=775 *.sh / COPY --chmod=774 upgrade.exclude /upgrade.exclude @@ -84,7 +84,7 @@ RUN set -ex; \ pecl install -o igbinary-3.2.16; \ pecl install APCu-5.1.24; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ - pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \ + pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ # pecl install -o imagick-3.7.0; \ # Begin workaround -> # The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet. From dbe73ab0db8bc0d6144a4bad7429cba52c57b8c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 04:19:42 +0000 Subject: [PATCH 0189/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.0.2-cli to 28.0.4-cli. --- updated-dependencies: - dependency-name: docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 12e4aaa2..394359b7 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.0.2-cli AS docker +FROM docker:28.0.4-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy From 19ab4ae3087a3e4de542b95c19c50bd7dffc889b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sat, 29 Mar 2025 12:02:52 +0000 Subject: [PATCH 0190/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 58 +++++++++++++++++++++++------------------------ 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 6d56b219..8df472da 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -8,16 +8,16 @@ "packages": [ { "name": "guzzlehttp/guzzle", - "version": "7.9.2", + "version": "7.9.3", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "d281ed313b989f213357e3be1a179f02196ac99b" + "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b", - "reference": "d281ed313b989f213357e3be1a179f02196ac99b", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77", + "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77", "shasum": "" }, "require": { @@ -114,7 +114,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.9.2" + "source": "https://github.com/guzzle/guzzle/tree/7.9.3" }, "funding": [ { @@ -130,20 +130,20 @@ "type": "tidelift" } ], - "time": "2024-07-24T11:22:20+00:00" + "time": "2025-03-27T13:37:11+00:00" }, { "name": "guzzlehttp/promises", - "version": "2.0.4", + "version": "2.2.0", "source": { "type": "git", "url": "https://github.com/guzzle/promises.git", - "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455" + "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455", - "reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455", + "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c", + "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c", "shasum": "" }, "require": { @@ -197,7 +197,7 @@ ], "support": { "issues": "https://github.com/guzzle/promises/issues", - "source": "https://github.com/guzzle/promises/tree/2.0.4" + "source": "https://github.com/guzzle/promises/tree/2.2.0" }, "funding": [ { @@ -213,20 +213,20 @@ "type": "tidelift" } ], - "time": "2024-10-17T10:06:22+00:00" + "time": "2025-03-27T13:27:01+00:00" }, { "name": "guzzlehttp/psr7", - "version": "2.7.0", + "version": "2.7.1", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201" + "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/a70f5c95fb43bc83f07c9c948baa0dc1829bf201", - "reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16", + "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16", "shasum": "" }, "require": { @@ -313,7 +313,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.7.0" + "source": "https://github.com/guzzle/psr7/tree/2.7.1" }, "funding": [ { @@ -329,7 +329,7 @@ "type": "tidelift" } ], - "time": "2024-07-18T11:15:46+00:00" + "time": "2025-03-27T12:30:47+00:00" }, { "name": "http-interop/http-factory-guzzle", @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.3", + "version": "v2.0.4", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "f379c13663245f7aa4512a7869f62eb14095f23f" + "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/f379c13663245f7aa4512a7869f62eb14095f23f", - "reference": "f379c13663245f7aa4512a7869f62eb14095f23f", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b352cf0534aa1ae6b4d825d1e762e35d43f8a841", + "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841", "shasum": "" }, "require": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-02-11T15:03:05+00:00" + "time": "2025-03-19T13:51:03+00:00" }, { "name": "nikic/fast-route", @@ -2939,16 +2939,16 @@ }, { "name": "symfony/console", - "version": "v6.4.17", + "version": "v6.4.20", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "799445db3f15768ecc382ac5699e6da0520a0a04" + "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/799445db3f15768ecc382ac5699e6da0520a0a04", - "reference": "799445db3f15768ecc382ac5699e6da0520a0a04", + "url": "https://api.github.com/repos/symfony/console/zipball/2e4af9c952617cc3f9559ff706aee420a8464c36", + "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36", "shasum": "" }, "require": { @@ -3013,7 +3013,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.17" + "source": "https://github.com/symfony/console/tree/v6.4.20" }, "funding": [ { @@ -3029,7 +3029,7 @@ "type": "tidelift" } ], - "time": "2024-12-07T12:07:30+00:00" + "time": "2025-03-03T17:16:38+00:00" }, { "name": "symfony/filesystem", From 0852b00cc8bda91aa3e5cc8d0c9277e849a77342 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 30 Mar 2025 17:53:42 +0200 Subject: [PATCH 0191/1064] borg: exclude lost+found directory from backup Signed-off-by: Simon L. --- Containers/borgbackup/backupscript.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index 5c6ddd99..602ec586 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -191,7 +191,7 @@ if [ "$BORG_MODE" = backup ]; then fi # Exclude the nextcloud log and audit log for GDPR reasons - BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log") + BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found") BORG_INCLUDE=() # Exclude datadir if .noaiobackup file was found @@ -405,6 +405,7 @@ if [ "$BORG_MODE" = restore ]; then --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \ --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \ --exclude "nextcloud_aio_mastercontainer/session/**" \ + --exclude "nextcloud_aio_nextcloud_data/lost+found" \ "${ADDITIONAL_RSYNC_EXCLUDES[@]}" \ /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then RESTORE_FAILED=1 @@ -459,6 +460,7 @@ if [ "$BORG_MODE" = restore ]; then -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \ -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \ -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \ + -o -path "nextcloud_aio_nextcloud_data/lost+found" \ "${ADDITIONAL_FIND_EXCLUDES[@]}" \ \) \ | LC_ALL=C sort \ From 33fac7d67abc6ebec7cb37d3b7eb954c8536816d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 10:45:29 +0200 Subject: [PATCH 0192/1064] fix update-helm workflow Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 75aaceb5..acce2637 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -16,7 +16,7 @@ jobs: run: | set -x GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')" - DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG set +x if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 5ac19095..3e546856 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -505,7 +505,7 @@ cat << EOL > /tmp/security.conf {{- end }} # AIO-config - do not change this comment! EOL # shellcheck disable=SC1083 -find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/nextcloud\/aio-nextcloud:.*/r /tmp/security.conf" \{} \; +find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/image: .*nextcloud.*aio-nextcloud:.*/r /tmp/security.conf" \{} \; chmod 777 -R ./ From f88b123cc3c8ccff4e9ff6964e93060bf8f32157 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 31 Mar 2025 08:46:12 +0000 Subject: [PATCH 0193/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 +++- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- nextcloud-aio-helm-chart/values.yaml | 1 + 15 files changed, 17 insertions(+), 14 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index a9de2ae8..8fd3a53d 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.9.0 +version: 10.10.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index b4e9e01c..ea4393f7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: nextcloud/aio-apache:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-apache:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index e1921203..9c55ce9d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-clamav:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-clamav:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 38d34bd0..4a904d2a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: nextcloud/aio-collabora:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-collabora:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 4d400202..cf138dd0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-postgresql:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 0de772be..e081ffd5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: nextcloud/aio-fulltextsearch:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 5c922d36..2a53ffdb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-imaginary:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 496cfed1..f664091c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -80,6 +80,8 @@ spec: value: "{{ .Values.SERVERINFO_TOKEN }}" - name: NEXTCLOUD_DEFAULT_QUOTA value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}" + - name: NEXTCLOUD_SKELETON_DIRECTORY + value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}" - name: NEXTCLOUD_MAINTENANCE_WINDOW value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}" - name: ADDITIONAL_APKS @@ -180,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: nextcloud/aio-nextcloud:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250331_082515 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index b02d5d85..fb5412fe 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-notify-push:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 2a9db83a..483b6250 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-onlyoffice:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 439ab944..fc8eb5ed 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-redis:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-redis:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 755a2f6a..dc61ebd5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-talk:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 1967ff34..98f9e38c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-talk-recording:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 7d51f181..a319522a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: nextcloud/aio-whiteboard:20250325_084656 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250331_082515 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index f0897240..5bd7e582 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -60,6 +60,7 @@ APPS_ALLOWLIST: # This allows to configure allowed apps that will be show ADDITIONAL_TRUSTED_PROXY: # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here. ADDITIONAL_TRUSTED_DOMAIN: # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it NEXTCLOUD_DEFAULT_QUOTA: "10 GB" # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited +NEXTCLOUD_SKELETON_DIRECTORY: # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud. NEXTCLOUD_MAINTENANCE_WINDOW: # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values SMTP_HOST: # (empty by default): The hostname of the SMTP server. SMTP_SECURE: # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS. From 1a5efefd6258428f07bd60302dc90ff972f3e707 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 10:49:29 +0200 Subject: [PATCH 0194/1064] revert imagick commit hash Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 7383256b..ca56945d 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -14,7 +14,7 @@ ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! # Define the commit hash for imagick as a variable -ARG IMAGICK_COMMIT_HASH=ffa23eb0bc6796349dce12a984b3b70079e7bdd3 +ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58 COPY --chmod=775 *.sh / COPY --chmod=774 upgrade.exclude /upgrade.exclude From 242179f079232b99745e7b102643aad7a00fa8f2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 10:58:22 +0200 Subject: [PATCH 0195/1064] alpine dockerfile: change tag to 3.21.2 and add dependabot Signed-off-by: Simon L. --- .github/dependabot.yml | 1 + Containers/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 38d4ad6d..0caaabfb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,6 +22,7 @@ updates: - dependencies - package-ecosystem: "docker" directories: + - "/Containers/alpine" - "/Containers/apache" - "/Containers/borgbackup" - "/Containers/clamav" diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 48f2b46a..86948845 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21 +FROM alpine:3.21.2 RUN set -ex; \ apk upgrade --no-cache -a From 95491af7bd53955256dba7622abed51062623ae9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:00:37 +0000 Subject: [PATCH 0196/1064] build(deps): bump alpine from 3.21.2 to 3.21.3 in /Containers/alpine Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 86948845..b690b530 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.2 +FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a From 496365e107d26c90d22afb407fee2fa3bac28e68 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 11:01:20 +0200 Subject: [PATCH 0197/1064] also use ghcr image for vaultwarden Signed-off-by: Simon L. --- community-containers/vaultwarden/vaultwarden.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/vaultwarden/vaultwarden.json b/community-containers/vaultwarden/vaultwarden.json index 15f2114d..b94996fc 100644 --- a/community-containers/vaultwarden/vaultwarden.json +++ b/community-containers/vaultwarden/vaultwarden.json @@ -4,7 +4,7 @@ "container_name": "nextcloud-aio-vaultwarden", "display_name": "Vaultwarden", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden", - "image": "vaultwarden/server", + "image": "ghcr.io/dani-garcia/vaultwarden", "image_tag": "alpine", "internal_port": "8812", "restart": "unless-stopped", From 631253ef71c7353586f79378b1fd116f0f4b1e68 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 11:03:43 +0200 Subject: [PATCH 0198/1064] fix detail Signed-off-by: Simon L. --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index aad4f935..1b83fe17 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -13,7 +13,7 @@ RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash ca-certificates tzdata -COPY --from=go /go/bin/watchtower /usr/local/bin/watchtower +COPY --from=go /go/bin/watchtower /watchtower COPY --chmod=775 start.sh /start.sh From c0835f49a975730e9042090032f0a4a4cd11da80 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 11:47:04 +0200 Subject: [PATCH 0199/1064] increase to 10.11.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 66ebb121..a92d1e08 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.10.0

    +

    Nextcloud AIO v10.11.0

    {# Add 2nd tab warning #} From d04d7c9fab979a4ffd1a5453d0a9803f188cd64f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 31 Mar 2025 12:03:03 +0000 Subject: [PATCH 0200/1064] imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index cb6dbbe5..70c21702 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.24.1-alpine3.21 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ apk upgrade --no-cache -a; \ From ae5f4b7999e4b8ca596e22218b7e9a805cfafd59 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 14:37:14 +0200 Subject: [PATCH 0201/1064] collabora: fix permissions for /etc/coolwsd/coolwsd.xml file Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index d9c487a4..c6b65ff8 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -14,7 +14,9 @@ RUN set -ex; \ # # tzdata \ netcat-openbsd \ ; \ - rm -rf /var/lib/apt/lists/*; + rm -rf /var/lib/apt/lists/*; \ +# Fix permissions for coolwsd.xml file. See https://github.com/CollaboraOnline/online/issues/11345 + chmod +r /etc/coolwsd/coolwsd.xml COPY --chmod=775 healthcheck.sh /healthcheck.sh From d501b7cfcbe07ba627adca571a2541a572f09ff8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 14:42:41 +0200 Subject: [PATCH 0202/1064] fix detail in update helm script Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index e9e8a476..7bf6d48a 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio cat << EOL > /tmp/initcontainers initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" + image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" command: - chmod - "777" @@ -81,7 +81,7 @@ EOL cat << EOL > /tmp/initcontainers.database initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" + image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" command: - mkdir - "-p" @@ -94,7 +94,7 @@ EOL cat << EOL > /tmp/initcontainers.clamav initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" + image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" command: - mkdir - "-p" @@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/alpine:$DOCKER_TAG" + image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" command: - chmod - "777" From f0fd6bb44599715aedbd795937197d1efeb2aceb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 15:11:03 +0200 Subject: [PATCH 0203/1064] collabora: fix permissions correctly Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index c6b65ff8..26e9aa97 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker +# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile FROM collabora/code:24.04.13.2.1 USER root @@ -10,17 +10,13 @@ RUN set -ex; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ -# # Disable because seems to be failing currently -# # tzdata \ netcat-openbsd \ ; \ - rm -rf /var/lib/apt/lists/*; \ -# Fix permissions for coolwsd.xml file. See https://github.com/CollaboraOnline/online/issues/11345 - chmod +r /etc/coolwsd/coolwsd.xml + rm -rf /var/lib/apt/lists/*; COPY --chmod=775 healthcheck.sh /healthcheck.sh -USER 100 +USER 1001 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" From c01148811109daa5e139229830c3348cfb45842e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 31 Mar 2025 16:02:30 +0200 Subject: [PATCH 0204/1064] mastercontainer: remove check for nextcloud.com as we check for ghcr.io instead Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index dff289d3..f361cdcc 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -272,17 +272,6 @@ It is set to '$AIO_COMMUNITY_CONTAINERS'." fi fi -# Check DNS resolution -# Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565 -curl https://nextcloud.com &>/dev/null -if [ "$?" = 6 ]; then - print_red "Could not resolve the host nextcloud.com." - echo "Most likely the DNS resolving does not work." - echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html" - echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065" - exit 1 -fi - # Check if ghcr.io is reachable # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 if ! curl https://ghcr.io &>/dev/null; then From 3dd5407301464e447cf9f39516de1d7408cd2152 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 1 Apr 2025 22:25:34 +0200 Subject: [PATCH 0205/1064] mastercontainer: improve check for ghcr.io Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index dff289d3..0c815464 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -285,10 +285,11 @@ fi # Check if ghcr.io is reachable # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268 -if ! curl https://ghcr.io &>/dev/null; then +if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then print_red "Could not reach https://ghcr.io." echo "Most likely is something blocking access to it." - echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install" + echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html" + echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install" exit 1 fi From 855a1d00dca20f463832ed541d1fce438e783a81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 04:38:53 +0000 Subject: [PATCH 0206/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.1-alpine3.21 to 1.24.2-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 70c21702..08b03bd7 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.1-alpine3.21 AS go +FROM golang:1.24.2-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From df402362179eade787248bafe6ed6f16f0cf8538 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 04:39:41 +0000 Subject: [PATCH 0207/1064] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.24.1-alpine3.21 to 1.24.2-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 1b83fe17..2f204010 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.1-alpine3.21 AS go +FROM golang:1.24.2-alpine3.21 AS go RUN set -ex; \ apk upgrade --no-cache -a; \ From 6dac9179368260afb99a522b70059b31590f5780 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Apr 2025 11:09:06 +0200 Subject: [PATCH 0208/1064] libretranslate-cc: add warning that it is deprecated Signed-off-by: Simon L. --- community-containers/libretranslate/readme.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/community-containers/libretranslate/readme.md b/community-containers/libretranslate/readme.md index ffab72ab..f9893f34 100644 --- a/community-containers/libretranslate/readme.md +++ b/community-containers/libretranslate/readme.md @@ -1,6 +1,11 @@ ## LibreTranslate This container bundles LibreTranslate and auto-configures it for you. +> [!WARNING] +> The LibreTranslate container and app is deprecated! +> Please use the [translate2 app](https://apps.nextcloud.com/apps/translate2) instead. +> You can activate it by first enabling the Docker-Socket-Proxy in the AIO-interface and then heading over to `https://your-nc-domain.com/settings/apps/tools` and installing and enabling the `Local Machine Translation` app. + ### Notes - After the initial startup is done, you might want to change the default language to translate from and to via: ```bash From a5c44aae9a7c718d80d6afb0f25f97f44f110d59 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 7 Apr 2025 19:07:34 +0200 Subject: [PATCH 0209/1064] rp-docs: fix apache config Signed-off-by: Simon L. --- reverse-proxy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 5835b283..f3c11cfb 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -139,7 +139,8 @@ Add this as a new Apache site config: RequestHeader set X-Real-IP %{REMOTE_ADDR}s AllowEncodedSlashes NoDecode - ProxyPass / http://localhost:11000/ nocanon # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below + # Adjust the value below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below + ProxyPass / http://localhost:11000/ nocanon ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below RewriteCond %{HTTP:Upgrade} websocket [NC] From 3345e9a357347eb305c8e4a90cd28e89e206f367 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 7 Apr 2025 19:24:06 +0200 Subject: [PATCH 0210/1064] rp-docs-apache: adjust comment Signed-off-by: Simon L. --- reverse-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index f3c11cfb..ea9ac15a 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -139,9 +139,9 @@ Add this as a new Apache site config: RequestHeader set X-Real-IP %{REMOTE_ADDR}s AllowEncodedSlashes NoDecode - # Adjust the value below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below + # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below ProxyPass / http://localhost:11000/ nocanon - ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below + ProxyPassReverse / http://localhost:11000/ RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] From 4eed6b6f384cde5faa6371ffa4be2d1398e3b422 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 8 Apr 2025 08:20:51 +0000 Subject: [PATCH 0211/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 8fd3a53d..2ba246ce 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.10.0 +version: 10.11.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index ea4393f7..53439546 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-apache:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 9c55ce9d..f06a63ce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-clamav:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 4a904d2a..25061be0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-collabora:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index cf138dd0..92eb8d4a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index e081ffd5..5a72365b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 2a53ffdb..b5955c9f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index f664091c..459dd03e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250408_081359 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index fb5412fe..6cca990d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 483b6250..f7599ca9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: "alpine:3.20" + image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index fc8eb5ed..57db6a8c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-redis:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index dc61ebd5..5b56aec0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-talk:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 98f9e38c..dc43a31b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250408_081359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index a319522a..a86d8f63 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250331_082515 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250408_081359 readinessProbe: exec: command: From 7ce74e36e661a55b9138a7435d1e59a3fdada2e9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 8 Apr 2025 10:30:33 +0200 Subject: [PATCH 0212/1064] fix detail with new aio-alpine syntax Signed-off-by: Simon L. --- .../templates/nextcloud-aio-clamav-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 2 +- .../nextcloud-aio-fulltextsearch-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 8 ++++---- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index f06a63ce..064d1a57 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" + image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 command: - mkdir - "-p" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 92eb8d4a..1321b9cd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" + image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 command: - mkdir - "-p" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 5a72365b..b877358e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" + image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 459dd03e..793f3be3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" + image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index f7599ca9..20d0d426 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/aio-alpine:20250408_081359" + image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 command: - chmod - "777" diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 7bf6d48a..b7da966f 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio cat << EOL > /tmp/initcontainers initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" + image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG command: - chmod - "777" @@ -81,7 +81,7 @@ EOL cat << EOL > /tmp/initcontainers.database initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" + image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG command: - mkdir - "-p" @@ -94,7 +94,7 @@ EOL cat << EOL > /tmp/initcontainers.clamav initContainers: - name: init-subpath - image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" + image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG command: - mkdir - "-p" @@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG" + image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG command: - chmod - "777" From 25c31323c647c0d05127258aadb91cbe6b58dd56 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 8 Apr 2025 12:03:09 +0000 Subject: [PATCH 0213/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 8df472da..7e683c8b 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2210,26 +2210,29 @@ }, { "name": "doctrine/deprecations", - "version": "1.1.4", + "version": "1.1.5", "source": { "type": "git", "url": "https://github.com/doctrine/deprecations.git", - "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9" + "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/deprecations/zipball/31610dbb31faa98e6b5447b62340826f54fbc4e9", - "reference": "31610dbb31faa98e6b5447b62340826f54fbc4e9", + "url": "https://api.github.com/repos/doctrine/deprecations/zipball/459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38", + "reference": "459c2f5dd3d6a4633d3b5f46ee2b1c40f57d3f38", "shasum": "" }, "require": { "php": "^7.1 || ^8.0" }, + "conflict": { + "phpunit/phpunit": "<=7.5 || >=13" + }, "require-dev": { - "doctrine/coding-standard": "^9 || ^12", - "phpstan/phpstan": "1.4.10 || 2.0.3", + "doctrine/coding-standard": "^9 || ^12 || ^13", + "phpstan/phpstan": "1.4.10 || 2.1.11", "phpstan/phpstan-phpunit": "^1.0 || ^2", - "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", + "phpunit/phpunit": "^7.5 || ^8.5 || ^9.6 || ^10.5 || ^11.5 || ^12", "psr/log": "^1 || ^2 || ^3" }, "suggest": { @@ -2249,9 +2252,9 @@ "homepage": "https://www.doctrine-project.org/", "support": { "issues": "https://github.com/doctrine/deprecations/issues", - "source": "https://github.com/doctrine/deprecations/tree/1.1.4" + "source": "https://github.com/doctrine/deprecations/tree/1.1.5" }, - "time": "2024-12-07T21:18:45+00:00" + "time": "2025-04-07T20:06:18+00:00" }, { "name": "felixfbecker/advanced-json-rpc", From 9d9ef6e4b8ceb58d2d27a4340b2fe1f4ad62ecfa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Apr 2025 05:00:12 +0000 Subject: [PATCH 0214/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.0-scratch to 2.11.1-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.1-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 00d2153f..ce2b545b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.0-scratch AS nats +FROM nats:2.11.1-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 72fe74da71e772d4164d205e1f1fcb08fcc7d7ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Apr 2025 12:57:07 +0000 Subject: [PATCH 0215/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc...f9f8ef3f634144b126a09ea5b3bfe51ddebc700f) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 28946230..13a69609 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Turnstyle - uses: softprops/turnstyle@25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc # v2 + uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2 with: continue-after-seconds: 180 env: From b82943046d29941d9e47bf6f2dd5e304f114637c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 9 Apr 2025 16:32:15 +0200 Subject: [PATCH 0216/1064] daily-backup.sh: connect mastercontainer to nextcloud-aio network Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index 56302c80..13c0ad85 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -20,6 +20,11 @@ APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | if [ -z "$APACHE_PORT" ]; then echo "APACHE_PORT is not set which is not expected..." else + # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable + # Prevent issues like https://github.com/nextcloud/all-in-one/discussions/5222 + docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null + + # Wait for apache to start while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do echo "Waiting for apache to become available" sleep 30 From b05d22aa8101696a26fd75799c96d8823a69463e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Apr 2025 05:08:57 +0000 Subject: [PATCH 0217/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.2-alpine3.21 to 3.13.3-alpine3.21. --- updated-dependencies: - dependency-name: python dependency-version: 3.13.3-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index bc971ab4..bfdc1f59 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.2-alpine3.21 +FROM python:3.13.3-alpine3.21 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 71b932e910a0e55dd258a8a5dd3e6863ce4f2abb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Apr 2025 12:45:18 +0200 Subject: [PATCH 0218/1064] aio-interface: daily-backup: remove the pre-filled value Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index a92d1e08..4d20ef7a 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -509,7 +509,7 @@ {% if daily_backup_time == "" %}

    By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. 04:00 will create backups at 4 am UTC and 16:00 at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.

    - +
    From 417af36b5ff11f8b5610febad44450c9d6099cec Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Apr 2025 13:18:16 +0200 Subject: [PATCH 0219/1064] aio-interface: describe that the submit button needs to be pressed in a few places Signed-off-by: Simon L. --- php/templates/containers.twig | 14 +++++++------- php/templates/includes/optional-containers.twig | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 4d20ef7a..7dc7308a 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -101,7 +101,7 @@ {% else %}

    AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.

    {% endif %} -

    Please type the domain that will be used for Nextcloud.

    +

    Please type in the domain that will be used for Nextcloud and submit it.

    {% if skip_domain_validation == true %}

    Please note: The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!

    {% endif %} @@ -192,7 +192,7 @@

    Please enter the location of the backup archive on your host or a remote borg repo url - if stored remotely; and the encryption password of the backup archive below: + if stored remotely; and the encryption password of the backup archive below and submit all values:


    @@ -364,10 +364,10 @@ {% else %} {% if is_backup_container_running == false and not hasBackupLocation and isApacheStarting != true %}

    Backup and restore

    -

    Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.

    +

    Please enter the directory path below where backups will be created on the host system and submit it. It's best to choose a location on a separate drive and not on your root drive.

    To store backups remotely instead, fill in the - remote borg repo url. + remote borg repo url and submit it.


    @@ -507,7 +507,7 @@

    Daily backup and automatic updates

    {% if daily_backup_time == "" %} -

    By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. 04:00 will create backups at 4 am UTC and 16:00 at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.

    +

    By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. 04:00 will create backups at 4 am UTC and 16:00 at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.

    @@ -531,7 +531,7 @@ {% endif %}

    Back up additional directories and docker volumes of your host

    -

    Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.

    +

    Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.

    @@ -584,7 +584,7 @@ {% else %} {% if timezone == "" %}

    To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.

    -

    You can configure the timezone for Nextcloud below:

    +

    You can configure the timezone for Nextcloud below (Do not forget to submit the value!):

    diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 16fef91f..f206a602 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -184,7 +184,7 @@ {% if collabora_additional_options == "" %}

    You can configure additional options for collabora below.

    -

    (This can be used for configuring the net.content_security_policy and more)

    +

    (This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)

    From ae0077818080944b302455e344254a501dbe7705 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Apr 2025 13:44:20 +0200 Subject: [PATCH 0220/1064] aio-interface: improve description of daily-backup buttons Signed-off-by: Simon L. --- php/templates/containers.twig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 7dc7308a..95ce7976 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -512,7 +512,7 @@ -
    +

    @@ -526,7 +526,7 @@ - + {% endif %} From 9550135e3ad00cc515dd163449edf6bb8e1789bb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 11 Apr 2025 11:07:20 +0200 Subject: [PATCH 0221/1064] nextcloud: update to 30.0.9 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index ca56945d..2b50b4de 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.8 +ENV NEXTCLOUD_VERSION=30.0.9 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From cc0ff393577d634b6d08c00b9676315c1892f5a6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 11 Apr 2025 11:14:10 +0200 Subject: [PATCH 0222/1064] increase to 10.12.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 95ce7976..f0926812 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.11.0

    +

    Nextcloud AIO v10.12.0

    {# Add 2nd tab warning #} From 9f5710917d3cdc822333f19854b23f8921b4f4eb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 11 Apr 2025 12:50:07 +0200 Subject: [PATCH 0223/1064] restore-instance test: try to fix timeout problem Signed-off-by: Simon L. --- php/tests/tests/restore-instance.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index 189acd0e..217218e5 100644 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -60,7 +60,7 @@ test('Restore instance', async ({ page: setupPage }) => { await containersPage.getByRole('button', { name: 'Check backup integrity' }).click(); await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 }); await containersPage.getByRole('button', { name: 'Restore selected backup' }).click(); - await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:'); + await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 }); // Verify a successful backup restore await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 }); From 0a5fecad4b97a32d3a7249b48ab3aa1e49f6428d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 04:27:02 +0000 Subject: [PATCH 0224/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.13.2.1 to 24.04.13.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 24.04.13.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 26e9aa97..098e2cd5 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:24.04.13.2.1 +FROM collabora/code:24.04.13.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From d55b13f9746b283c432315ee07cd1e46a7a0ca68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 04:27:32 +0000 Subject: [PATCH 0225/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.3.19-fpm-alpine3.21 to 8.3.20-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.20-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 394359b7..c387b6e3 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.0.4-cli AS docker FROM caddy:2.9.1-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile -FROM php:8.3.19-fpm-alpine3.21 +FROM php:8.3.20-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 From 0508331fb4a177e97bfc8a1ace1c2b1823281ead Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 04:27:47 +0000 Subject: [PATCH 0226/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.19-fpm-alpine3.21 to 8.3.20-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.20-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 2b50b4de..f2334407 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.19-fpm-alpine3.21 +FROM php:8.3.20-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 3146735cc09bf4c2667633c5eb04b89dc7e627a8 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 14 Apr 2025 12:03:23 +0000 Subject: [PATCH 0227/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 7e683c8b..e4f08795 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2580,16 +2580,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.1", + "version": "5.6.2", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8" + "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8", - "reference": "e5e784149a09bd69d9a5e3b01c5cbd2e2bd653d8", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/92dde6a5919e34835c506ac8c523ef095a95ed62", + "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62", "shasum": "" }, "require": { @@ -2638,9 +2638,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.1" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.2" }, - "time": "2024-12-07T09:39:29+00:00" + "time": "2025-04-13T19:20:35+00:00" }, { "name": "phpdocumentor/type-resolver", From 0c76d14fcb92c7a904e3412a8ddeecf9d3ff3234 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 15 Apr 2025 14:56:16 +0200 Subject: [PATCH 0228/1064] DockerActionManager: fix Nextcloud is oudated notification Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 71242d92..16f28e52 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -1030,8 +1030,8 @@ readonly class DockerActionManager { return false; } - private function GetCreatedTimeOfNextcloudImage(): ?string { - $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel(); + private function GetCreatedTimeOfNextcloudImage(string $imageName): ?string { + $imageName = $imageName . ':' . $this->GetCurrentChannel(); try { $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName)); $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true); @@ -1052,7 +1052,11 @@ readonly class DockerActionManager { } public function isNextcloudImageOutdated(): bool { - $createdTime = $this->GetCreatedTimeOfNextcloudImage(); + $createdTime = $this->GetCreatedTimeOfNextcloudImage('ghcr.io/nextcloud-releases/aio-nextcloud'); + + if ($createdTime === null) { + $createdTime = $this->GetCreatedTimeOfNextcloudImage('nextcloud/aio-nextcloud'); + } if ($createdTime === null) { return false; From 0ec6fd111751c33c2bdbc349f114ec07056b8ef9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Apr 2025 13:13:35 +0000 Subject: [PATCH 0229/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.32.0 to 2.33.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/9e72090525849c5e82e596468b86eb55e9cc5401...cf4cade2721270509d5b1c766ab3549210a39a2a) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.33.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 017828d6..8805c146 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 9f17d7fa..5dc44824 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 50e57bc3..9a0995b1 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 9e77421c..086bc036 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index a4a5cfdf..f653f81c 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: 8.3 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 7f0d3671..4f55c0e0 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 + uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: php-version: 8.3 extensions: apcu From a47be369e9fec58e1146b877a38a5d6fccebae4a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 16 Apr 2025 11:49:21 +0200 Subject: [PATCH 0230/1064] borgbackup: always use the progress option when creating an archive Signed-off-by: Simon L. --- Containers/borgbackup/backupscript.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index 602ec586..d680071e 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -185,10 +185,7 @@ if [ "$BORG_MODE" = backup ]; then # Borg options # auto,zstd compression seems to has the best ratio based on: # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6 - BORG_OPTS=(-v --stats --compression "auto,zstd") - if [ "$NEW_REPOSITORY" = 1 ]; then - BORG_OPTS+=(--progress) - fi + BORG_OPTS=(-v --stats --compression "auto,zstd" --progress) # Exclude the nextcloud log and audit log for GDPR reasons BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found") From 1c4fa05601e9c0d586149c3c7c8a739e22640462 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 16 Apr 2025 13:43:21 +0200 Subject: [PATCH 0231/1064] Update update-helm.sh: remove some default Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index b7da966f..01c07bad 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -303,7 +303,7 @@ cat << EOL > /tmp/additional.config - name: NEXTCLOUD_DEFAULT_QUOTA value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}" - name: NEXTCLOUD_SKELETON_DIRECTORY - value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}" + value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}" - name: NEXTCLOUD_MAINTENANCE_WINDOW value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}" EOL From 5b5f49b00bb2a69174962e083d2cc3a3ecacab9e Mon Sep 17 00:00:00 2001 From: Andrey Borysenko Date: Wed, 16 Apr 2025 16:58:02 +0300 Subject: [PATCH 0232/1064] feat: add image inspect rule Signed-off-by: Andrey Borysenko --- Containers/docker-socket-proxy/haproxy.cfg | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg index defccda5..ba0eb75c 100644 --- a/Containers/docker-socket-proxy/haproxy.cfg +++ b/Containers/docker-socket-proxy/haproxy.cfg @@ -14,6 +14,8 @@ frontend http http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER } # docker system _ping http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET + # docker inspect image: GET images/%s/json + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET # container inspect: GET containers/%s/json http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET # container inspect: GET containers/%s/logs From 7b60313eaaef9562c6f0056d048b3a2e182a912a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Apr 2025 04:42:14 +0000 Subject: [PATCH 0233/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.17.4 to 8.18.0. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.18.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 2299f0f5..48a764f5 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.17.4 +FROM elasticsearch:8.18.0 USER root From ed0365c5977041f8f317f57cef4975f5cb0a1e35 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Apr 2025 10:29:18 +0200 Subject: [PATCH 0234/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index ef21bb22..b7da779e 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.3.2.1 +FROM onlyoffice/documentserver:8.3.3.1 # USER root is probably used From f4b5dbe005b1a26fb4541035845bf7e05261ad4e Mon Sep 17 00:00:00 2001 From: Bastian Derigs <155444921+derigs@users.noreply.github.com> Date: Thu, 17 Apr 2025 10:33:04 +0200 Subject: [PATCH 0235/1064] Update haproxy.cfg Due to some testing its possible to install the agent via occ and the frontend by setting this on 60s. Lower values didn't work in my testing. Signed-off-by: Bastian Derigs <155444921+derigs@users.noreply.github.com> --- Containers/docker-socket-proxy/haproxy.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg index defccda5..5ee17751 100644 --- a/Containers/docker-socket-proxy/haproxy.cfg +++ b/Containers/docker-socket-proxy/haproxy.cfg @@ -4,9 +4,9 @@ global maxconn 10 defaults - timeout connect 10s - timeout client 10s - timeout server 10s + timeout connect 60s + timeout client 60s + timeout server 60s frontend http mode http From 73197960c3650cbf2db9d29d808b5668802da906 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Apr 2025 10:45:08 +0200 Subject: [PATCH 0236/1064] nextcloud: update imagick to 3.8.0 and revert imagick workaround Signed-off-by: Simon L. --- .github/workflows/nextcloud-update.yml | 6 ------ Containers/nextcloud/Dockerfile | 18 +----------------- 2 files changed, 1 insertion(+), 23 deletions(-) diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index 914a4435..96ecef69 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -60,12 +60,6 @@ jobs: )" sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile - # Imagick git-commit-hash from HEAD - imagick_commit_hash="$( - git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}' - )" - sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile - # Igbinary igbinary_version="$( git ls-remote --tags https://github.com/igbinary/igbinary.git \ diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 2b50b4de..8a1ec4ce 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -13,9 +13,6 @@ ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! -# Define the commit hash for imagick as a variable -ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58 - COPY --chmod=775 *.sh / COPY --chmod=774 upgrade.exclude /upgrade.exclude COPY config/*.php / @@ -85,20 +82,7 @@ RUN set -ex; \ pecl install APCu-5.1.24; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ -# pecl install -o imagick-3.7.0; \ -# Begin workaround -> -# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet. -# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround. - apk add --no-cache --virtual .git-build-deps git \ - && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \ - && cd /tmp/imagick \ - && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \ - && git checkout ${IMAGICK_COMMIT_HASH} \ - && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \ - && phpize && ./configure && make && make install; \ - apk del .git-build-deps; \ - cd && rm -r /tmp/imagick; \ -# <- End workaround + pecl install -o imagick-3.8.0; \ \ docker-php-ext-enable \ igbinary \ From 3f1c2384b786a8cffec44362a0112defe7030bc5 Mon Sep 17 00:00:00 2001 From: Bastian Derigs <155444921+derigs@users.noreply.github.com> Date: Thu, 17 Apr 2025 10:49:38 +0200 Subject: [PATCH 0237/1064] Update haproxy.cfg And since i forgott the 1800 and went with 30, 30, 30 here now the correct values. Signed-off-by: Bastian Derigs <155444921+derigs@users.noreply.github.com> --- Containers/docker-socket-proxy/haproxy.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containers/docker-socket-proxy/haproxy.cfg b/Containers/docker-socket-proxy/haproxy.cfg index 5ee17751..1153a886 100644 --- a/Containers/docker-socket-proxy/haproxy.cfg +++ b/Containers/docker-socket-proxy/haproxy.cfg @@ -4,9 +4,9 @@ global maxconn 10 defaults - timeout connect 60s - timeout client 60s - timeout server 60s + timeout connect 30s + timeout client 30s + timeout server 1800s frontend http mode http From a68223265f577411f9599a34db4c779e9b7b706e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 17 Apr 2025 08:54:49 +0000 Subject: [PATCH 0238/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 2ba246ce..2ec3e7fa 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.11.0 +version: 10.12.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 53439546..b13ce4ed 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-apache:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 064d1a57..f4a40e78 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-clamav:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 25061be0..84c6683b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-collabora:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 1321b9cd..def1b838 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index b877358e..88966772 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index b5955c9f..505527af 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 793f3be3..e6b1ea7a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 command: - chmod - "777" @@ -81,7 +81,7 @@ spec: - name: NEXTCLOUD_DEFAULT_QUOTA value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}" - name: NEXTCLOUD_SKELETON_DIRECTORY - value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}" + value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}" - name: NEXTCLOUD_MAINTENANCE_WINDOW value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}" - name: ADDITIONAL_APKS @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250417_082355 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 6cca990d..fe83c87a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 20d0d426..d7c7aca1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 57db6a8c..5b17216d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-redis:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 5b56aec0..6b612f09 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-talk:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index dc43a31b..b7d3430c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250417_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index a86d8f63..65ae1958 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250408_081359 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250417_082355 readinessProbe: exec: command: From c8c150e4cdf853bba871ab54c694d3a12fe918e1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Apr 2025 11:58:51 +0200 Subject: [PATCH 0239/1064] nextcloud: update to 30.0.10 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index b01b1cbe..540c4e00 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.9 +ENV NEXTCLOUD_VERSION=30.0.10 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 0fc19bb19bc52a6188331700f1502085b5383aec Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Apr 2025 17:31:00 +0200 Subject: [PATCH 0240/1064] increase to 10.13.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index f0926812..c3884fa3 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.12.0

    +

    Nextcloud AIO v10.13.0

    {# Add 2nd tab warning #} From bd0ab4c9cc162fb6b84354f0a415b756805092dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Apr 2025 04:35:05 +0000 Subject: [PATCH 0241/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.1.6-alpine to 3.1.7-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.1.7-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index a01a7485..1480d292 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.6-alpine +FROM haproxy:3.1.7-alpine # hadolint ignore=DL3002 USER root From 4616ea8cbd31ca2ecb0055195c04504253272fa7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 18 Apr 2025 14:04:45 +0200 Subject: [PATCH 0242/1064] Update dependency-updates.yml Signed-off-by: Simon L. --- .github/workflows/dependency-updates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 8805c146..4fc8083f 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -8,7 +8,7 @@ on: jobs: dependency_updates: name: Run dependency update script - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 From 44ca709ac0e6c2179e2c753f5eee95ce9de98011 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Apr 2025 06:00:28 +0000 Subject: [PATCH 0243/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.0.4-cli to 28.1.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.1.1-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c387b6e3..d6e614d4 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.0.4-cli AS docker +FROM docker:28.1.1-cli AS docker # Caddy is a requirement FROM caddy:2.9.1-alpine AS caddy From 62878cc6943b18971cacf722c4572f8254f2cd93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 04:25:43 +0000 Subject: [PATCH 0244/1064] build(deps): bump caddy in /Containers/apache Bumps caddy from 2.9.1-alpine to 2.10.0-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 1f866552..aeb3b12d 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM caddy:2.9.1-alpine AS caddy +FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile FROM httpd:2.4.63-alpine3.21 From bc6d37b629dadd63268d8e1e4e936d168746f0ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 04:26:05 +0000 Subject: [PATCH 0245/1064] build(deps): bump caddy in /Containers/mastercontainer Bumps caddy from 2.9.1-alpine to 2.10.0-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c387b6e3..72b1dc58 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -3,7 +3,7 @@ FROM docker:28.0.4-cli AS docker # Caddy is a requirement -FROM caddy:2.9.1-alpine AS caddy +FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile FROM php:8.3.20-fpm-alpine3.21 From 2219994176bdcbaeae4cf839b665b9b423bc92f8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 22 Apr 2025 10:17:11 +0200 Subject: [PATCH 0246/1064] aio-interface: adjust addtional collabora options example Signed-off-by: Simon L. --- php/templates/includes/optional-containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index f206a602..53315b1c 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -191,7 +191,7 @@ -

    You need to make sure that the options that you enter are valid. An example is --o:net.content_security_policy="frame-ancestors *.example.com:*;".

    +

    You need to make sure that the options that you enter are valid. An example is --o:net.content_security_policy=frame-ancestors *.example.com:*;.

    {% else %}

    The additioinal options for Collabora are currently set to {{ collabora_additional_options }}. You can reset them again by clicking on the button below.

    From 4862342476a78ea809168d36f9a25b140b6adfdc Mon Sep 17 00:00:00 2001 From: Ben Iofel <1713819+benwaffle@users.noreply.github.com> Date: Wed, 23 Apr 2025 00:59:02 -0400 Subject: [PATCH 0247/1064] Fix typo Signed-off-by: Ben Iofel <1713819+benwaffle@users.noreply.github.com> --- php/templates/includes/aio-config.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-config.twig b/php/templates/includes/aio-config.twig index 981d7997..fbb70230 100644 --- a/php/templates/includes/aio-config.twig +++ b/php/templates/includes/aio-config.twig @@ -16,7 +16,7 @@

    {% if nextcloud_mount == '' %} - The Nextcloud container is confied and local external storage in Nextcloud is disabled. + The Nextcloud container is confined and local external storage in Nextcloud is disabled. {% else %} The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled. {% endif %} From 7a92c00bacba5ba1721d51e38091b132a3d9cc91 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 24 Apr 2025 09:33:45 +0000 Subject: [PATCH 0248/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 2ec3e7fa..f0ce6c79 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.12.0 +version: 10.13.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index b13ce4ed..caadb3bb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-apache:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index f4a40e78..a4da3bf9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-clamav:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 84c6683b..c3711fa7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-collabora:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index def1b838..43263de6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 88966772..b0d04339 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 505527af..384d5b05 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index e6b1ea7a..d0f05f04 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250424_092733 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index fe83c87a..fcd5618e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index d7c7aca1..c2a3c1be 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 5b17216d..51141e1d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-redis:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 6b612f09..16d52411 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-talk:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index b7d3430c..57515214 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250424_092733 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 65ae1958..d5be0d85 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250417_082355 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250424_092733 readinessProbe: exec: command: From 42c34ca18914dfdcc143f04aa6423c72407d11ae Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 24 Apr 2025 12:03:15 +0000 Subject: [PATCH 0249/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index e4f08795..8f8341f8 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -557,16 +557,16 @@ }, { "name": "php-di/php-di", - "version": "7.0.9", + "version": "7.0.10", "source": { "type": "git", "url": "https://github.com/PHP-DI/PHP-DI.git", - "reference": "d8480267f5cf239650debba704f3ecd15b638cde" + "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/d8480267f5cf239650debba704f3ecd15b638cde", - "reference": "d8480267f5cf239650debba704f3ecd15b638cde", + "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/0d1ed64126577e9a095b3204dcaee58cf76432c2", + "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2", "shasum": "" }, "require": { @@ -582,7 +582,7 @@ "friendsofphp/php-cs-fixer": "^3", "friendsofphp/proxy-manager-lts": "^1", "mnapoli/phpunit-easymock": "^1.3", - "phpunit/phpunit": "^9.6", + "phpunit/phpunit": "^9.6 || ^10 || ^11", "vimeo/psalm": "^5|^6" }, "suggest": { @@ -614,7 +614,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/PHP-DI/issues", - "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.9" + "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.10" }, "funding": [ { @@ -626,7 +626,7 @@ "type": "tidelift" } ], - "time": "2025-02-28T12:46:35+00:00" + "time": "2025-04-22T08:53:15+00:00" }, { "name": "php-di/slim-bridge", From 6bf219de2587759335ecbbe66ac43be1b3d028e8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Apr 2025 15:02:06 +0200 Subject: [PATCH 0250/1064] nextcloud: restart netcat once a day to ensure that it stays reachable Signed-off-by: Simon L. --- Containers/nextcloud/supervisord.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf index 184074af..1db885e9 100644 --- a/Containers/nextcloud/supervisord.conf +++ b/Containers/nextcloud/supervisord.conf @@ -39,5 +39,7 @@ stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 -command=nc -lk 9001 +# Restart the netcat command once a day to ensure that it stays reachable +# See https://github.com/nextcloud/all-in-one/issues/6334 +command=timeout 86400 nc -lk 9001 user=www-data From 498e5a21869022ecfe2e51a972c8c25ff5bdf74a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Apr 2025 04:32:46 +0000 Subject: [PATCH 0251/1064] build(deps): bump redis in /Containers/redis Bumps redis from 7.2.7-alpine to 7.2.8-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 7.2.8-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 1b774ce5..2181f47a 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.7-alpine +FROM redis:7.2.8-alpine COPY --chmod=775 start.sh /start.sh From 75aea9196243cc87c3f6ddb348b0c4a01f196d0f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 27 Apr 2025 19:50:59 +0200 Subject: [PATCH 0252/1064] fail2ban-cc: add example how to unban a specific ip-address Signed-off-by: Simon L. --- community-containers/fail2ban/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md index 851cb03c..cb78639c 100644 --- a/community-containers/fail2ban/readme.md +++ b/community-containers/fail2ban/readme.md @@ -4,6 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block ### Notes - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`. - If you get an error like `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this. +- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository From bbab0cf41c488c4ba4359557e76bba77ad39f6a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Apr 2025 04:55:53 +0000 Subject: [PATCH 0253/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.1-scratch to 2.11.2-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.2-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index ce2b545b..ca4a7a89 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.1-scratch AS nats +FROM nats:2.11.2-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 1e7c19bcc60240e37592e66f1c212ae2f0314f82 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Apr 2025 10:52:56 +0200 Subject: [PATCH 0254/1064] manual-upgrade: adjust the docs to mention docker hub as well Signed-off-by: Simon L. --- manual-upgrade.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manual-upgrade.md b/manual-upgrade.md index c1478953..84c742e5 100644 --- a/manual-upgrade.md +++ b/manual-upgrade.md @@ -35,13 +35,13 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d | To change | Replace with | |----------------------------------------|-----------------------------------------------------| -| `nextcloud/aio-nextcloud:latest` | `nextcloud/aio-nextcloud:php{version}-latest` | -| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` | +| `ghcr.io/nextcloud-releases/aio-nextcloud:latest` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest` | +| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` | - - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64` - - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) + - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64` + - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php - Using nano and the arrow keys to navigate: - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit. 6. Next, stop and remove the current container: @@ -94,8 +94,8 @@ Make **note** of the version which is compatible, rounding down to 1 digit after - In this example we would want php 8.1 since anything with 8.2 or above is incompatible ##### 5. Find the correct container version -In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require. -However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) +In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require. +However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php ##### 6. Replace the container - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer From 12fcefee7769f6c2cd4f3f3598db127cec1fc3d1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 29 Apr 2025 11:21:08 +0200 Subject: [PATCH 0255/1064] mastercontainer: update to php8.4 Signed-off-by: Simon L. --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .../workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- Containers/mastercontainer/Dockerfile | 4 +- php/composer.json | 6 +- php/composer.lock | 1371 +++++++++++++++-- php/psalm-baseline.xml | 170 +- php/psalm.xml | 1 + 11 files changed, 1411 insertions(+), 153 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 4fc8083f..f6e1c99f 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: - php-version: 8.3 + php-version: 8.4 extensions: apcu - name: Run dependency update script run: | diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 5dc44824..6a26c59d 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - php-versions: [ "8.3" ] + php-versions: [ "8.4" ] name: php-lint diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 9a0995b1..c890a112 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -20,7 +20,7 @@ jobs: - name: Set up php uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: - php-version: 8.3 + php-version: 8.4 extensions: apcu coverage: none diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 086bc036..c18740c2 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -15,7 +15,7 @@ jobs: - name: Set up php uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: - php-version: 8.3 + php-version: 8.4 extensions: apcu coverage: none diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index f653f81c..fb357a06 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -31,7 +31,7 @@ jobs: - name: Set up php uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: - php-version: 8.3 + php-version: 8.4 extensions: apcu coverage: none ini-file: development diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 4f55c0e0..1af3a3cb 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -29,7 +29,7 @@ jobs: - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 with: - php-version: 8.3 + php-version: 8.4 extensions: apcu coverage: none diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index ac841dbf..f9ae4118 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -5,8 +5,8 @@ FROM docker:28.1.1-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy -# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile -FROM php:8.3.20-fpm-alpine3.21 +# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile +FROM php:8.4.6-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 diff --git a/php/composer.json b/php/composer.json index 17fa5097..892bdd5d 100644 --- a/php/composer.json +++ b/php/composer.json @@ -5,7 +5,7 @@ } }, "require": { - "php": "8.3.*", + "php": "8.4.*", "ext-json": "*", "ext-sodium": "*", "ext-curl": "*", @@ -20,7 +20,7 @@ }, "require-dev": { "sserbin/twig-linter": "@dev", - "vimeo/psalm": "^5.25", + "vimeo/psalm": "^6.0", "wapmorgan/php-deprecation-detector": "dev-master" }, "scripts": { @@ -33,6 +33,6 @@ "psalm:strict": "psalm --threads=1 --show-info=true", "lint": "php -l src/*.php src/**/*.php public/index.php", "lint:twig": "twig-linter lint ./templates", - "php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php" + "php-deprecation-detector": "phpdd scan -n -t 8.4 src/*.php src/**/*.php public/index.php" } } diff --git a/php/composer.lock b/php/composer.lock index 8f8341f8..b1de606a 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "0e1d24f3fa776163acefdebc91da39d3", + "content-hash": "19598625395cc28e64f15d2719f8f98f", "packages": [ { "name": "guzzlehttp/guzzle", @@ -1714,43 +1714,36 @@ "packages-dev": [ { "name": "amphp/amp", - "version": "v2.6.4", + "version": "v3.1.0", "source": { "type": "git", "url": "https://github.com/amphp/amp.git", - "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d" + "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/amp/zipball/ded3d9be08f526089eb7ee8d9f16a9768f9dec2d", - "reference": "ded3d9be08f526089eb7ee8d9f16a9768f9dec2d", + "url": "https://api.github.com/repos/amphp/amp/zipball/7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9", + "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" }, "require-dev": { - "amphp/php-cs-fixer-config": "dev-master", - "amphp/phpunit-util": "^1", - "ext-json": "*", - "jetbrains/phpstorm-stubs": "^2019.3", - "phpunit/phpunit": "^7 | ^8 | ^9", - "react/promise": "^2", - "vimeo/psalm": "^3.12" + "amphp/php-cs-fixer-config": "^2", + "phpunit/phpunit": "^9", + "psalm/phar": "5.23.1" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "2.x-dev" - } - }, "autoload": { "files": [ - "lib/functions.php", - "lib/Internal/functions.php" + "src/functions.php", + "src/Future/functions.php", + "src/Internal/functions.php" ], "psr-4": { - "Amp\\": "lib" + "Amp\\": "src" } }, "notification-url": "https://packagist.org/downloads/", @@ -1758,10 +1751,6 @@ "MIT" ], "authors": [ - { - "name": "Daniel Lowrey", - "email": "rdlowrey@php.net" - }, { "name": "Aaron Piotrowski", "email": "aaron@trowski.com" @@ -1773,6 +1762,10 @@ { "name": "Niklas Keller", "email": "me@kelunik.com" + }, + { + "name": "Daniel Lowrey", + "email": "rdlowrey@php.net" } ], "description": "A non-blocking concurrency framework for PHP applications.", @@ -1789,9 +1782,8 @@ "promise" ], "support": { - "irc": "irc://irc.freenode.org/amphp", "issues": "https://github.com/amphp/amp/issues", - "source": "https://github.com/amphp/amp/tree/v2.6.4" + "source": "https://github.com/amphp/amp/tree/v3.1.0" }, "funding": [ { @@ -1799,41 +1791,45 @@ "type": "github" } ], - "time": "2024-03-21T18:52:26+00:00" + "time": "2025-01-26T16:07:39+00:00" }, { "name": "amphp/byte-stream", - "version": "v1.8.2", + "version": "v2.1.2", "source": { "type": "git", "url": "https://github.com/amphp/byte-stream.git", - "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc" + "reference": "55a6bd071aec26fa2a3e002618c20c35e3df1b46" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/byte-stream/zipball/4f0e968ba3798a423730f567b1b50d3441c16ddc", - "reference": "4f0e968ba3798a423730f567b1b50d3441c16ddc", + "url": "https://api.github.com/repos/amphp/byte-stream/zipball/55a6bd071aec26fa2a3e002618c20c35e3df1b46", + "reference": "55a6bd071aec26fa2a3e002618c20c35e3df1b46", "shasum": "" }, "require": { - "amphp/amp": "^2", - "php": ">=7.1" + "amphp/amp": "^3", + "amphp/parser": "^1.1", + "amphp/pipeline": "^1", + "amphp/serialization": "^1", + "amphp/sync": "^2", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2.3" }, "require-dev": { - "amphp/php-cs-fixer-config": "dev-master", - "amphp/phpunit-util": "^1.4", - "friendsofphp/php-cs-fixer": "^2.3", - "jetbrains/phpstorm-stubs": "^2019.3", - "phpunit/phpunit": "^6 || ^7 || ^8", - "psalm/phar": "^3.11.4" + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "5.22.1" }, "type": "library", "autoload": { "files": [ - "lib/functions.php" + "src/functions.php", + "src/Internal/functions.php" ], "psr-4": { - "Amp\\ByteStream\\": "lib" + "Amp\\ByteStream\\": "src" } }, "notification-url": "https://packagist.org/downloads/", @@ -1862,7 +1858,7 @@ ], "support": { "issues": "https://github.com/amphp/byte-stream/issues", - "source": "https://github.com/amphp/byte-stream/tree/v1.8.2" + "source": "https://github.com/amphp/byte-stream/tree/v2.1.2" }, "funding": [ { @@ -1870,7 +1866,659 @@ "type": "github" } ], - "time": "2024-04-13T18:00:56+00:00" + "time": "2025-03-16T17:10:27+00:00" + }, + { + "name": "amphp/cache", + "version": "v2.0.1", + "source": { + "type": "git", + "url": "https://github.com/amphp/cache.git", + "reference": "46912e387e6aa94933b61ea1ead9cf7540b7797c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/cache/zipball/46912e387e6aa94933b61ea1ead9cf7540b7797c", + "reference": "46912e387e6aa94933b61ea1ead9cf7540b7797c", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/serialization": "^1", + "amphp/sync": "^2", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "Amp\\Cache\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + }, + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Daniel Lowrey", + "email": "rdlowrey@php.net" + } + ], + "description": "A fiber-aware cache API based on Amp and Revolt.", + "homepage": "https://amphp.org/cache", + "support": { + "issues": "https://github.com/amphp/cache/issues", + "source": "https://github.com/amphp/cache/tree/v2.0.1" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-04-19T03:38:06+00:00" + }, + { + "name": "amphp/dns", + "version": "v2.4.0", + "source": { + "type": "git", + "url": "https://github.com/amphp/dns.git", + "reference": "78eb3db5fc69bf2fc0cb503c4fcba667bc223c71" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/dns/zipball/78eb3db5fc69bf2fc0cb503c4fcba667bc223c71", + "reference": "78eb3db5fc69bf2fc0cb503c4fcba667bc223c71", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/byte-stream": "^2", + "amphp/cache": "^2", + "amphp/parser": "^1", + "amphp/process": "^2", + "daverandom/libdns": "^2.0.2", + "ext-filter": "*", + "ext-json": "*", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "5.20" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php" + ], + "psr-4": { + "Amp\\Dns\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Chris Wright", + "email": "addr@daverandom.com" + }, + { + "name": "Daniel Lowrey", + "email": "rdlowrey@php.net" + }, + { + "name": "Bob Weinand", + "email": "bobwei9@hotmail.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + }, + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + } + ], + "description": "Async DNS resolution for Amp.", + "homepage": "https://github.com/amphp/dns", + "keywords": [ + "amp", + "amphp", + "async", + "client", + "dns", + "resolve" + ], + "support": { + "issues": "https://github.com/amphp/dns/issues", + "source": "https://github.com/amphp/dns/tree/v2.4.0" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2025-01-19T15:43:40+00:00" + }, + { + "name": "amphp/parallel", + "version": "v2.3.1", + "source": { + "type": "git", + "url": "https://github.com/amphp/parallel.git", + "reference": "5113111de02796a782f5d90767455e7391cca190" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/parallel/zipball/5113111de02796a782f5d90767455e7391cca190", + "reference": "5113111de02796a782f5d90767455e7391cca190", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/byte-stream": "^2", + "amphp/cache": "^2", + "amphp/parser": "^1", + "amphp/pipeline": "^1", + "amphp/process": "^2", + "amphp/serialization": "^1", + "amphp/socket": "^2", + "amphp/sync": "^2", + "php": ">=8.1", + "revolt/event-loop": "^1" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.18" + }, + "type": "library", + "autoload": { + "files": [ + "src/Context/functions.php", + "src/Context/Internal/functions.php", + "src/Ipc/functions.php", + "src/Worker/functions.php" + ], + "psr-4": { + "Amp\\Parallel\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + }, + { + "name": "Stephen Coakley", + "email": "me@stephencoakley.com" + } + ], + "description": "Parallel processing component for Amp.", + "homepage": "https://github.com/amphp/parallel", + "keywords": [ + "async", + "asynchronous", + "concurrent", + "multi-processing", + "multi-threading" + ], + "support": { + "issues": "https://github.com/amphp/parallel/issues", + "source": "https://github.com/amphp/parallel/tree/v2.3.1" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-12-21T01:56:09+00:00" + }, + { + "name": "amphp/parser", + "version": "v1.1.1", + "source": { + "type": "git", + "url": "https://github.com/amphp/parser.git", + "reference": "3cf1f8b32a0171d4b1bed93d25617637a77cded7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/parser/zipball/3cf1f8b32a0171d4b1bed93d25617637a77cded7", + "reference": "3cf1f8b32a0171d4b1bed93d25617637a77cded7", + "shasum": "" + }, + "require": { + "php": ">=7.4" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.4" + }, + "type": "library", + "autoload": { + "psr-4": { + "Amp\\Parser\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "A generator parser to make streaming parsers simple.", + "homepage": "https://github.com/amphp/parser", + "keywords": [ + "async", + "non-blocking", + "parser", + "stream" + ], + "support": { + "issues": "https://github.com/amphp/parser/issues", + "source": "https://github.com/amphp/parser/tree/v1.1.1" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-03-21T19:16:53+00:00" + }, + { + "name": "amphp/pipeline", + "version": "v1.2.3", + "source": { + "type": "git", + "url": "https://github.com/amphp/pipeline.git", + "reference": "7b52598c2e9105ebcddf247fc523161581930367" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367", + "reference": "7b52598c2e9105ebcddf247fc523161581930367", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "php": ">=8.1", + "revolt/event-loop": "^1" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.18" + }, + "type": "library", + "autoload": { + "psr-4": { + "Amp\\Pipeline\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "Asynchronous iterators and operators.", + "homepage": "https://amphp.org/pipeline", + "keywords": [ + "amp", + "amphp", + "async", + "io", + "iterator", + "non-blocking" + ], + "support": { + "issues": "https://github.com/amphp/pipeline/issues", + "source": "https://github.com/amphp/pipeline/tree/v1.2.3" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2025-03-16T16:33:53+00:00" + }, + { + "name": "amphp/process", + "version": "v2.0.3", + "source": { + "type": "git", + "url": "https://github.com/amphp/process.git", + "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/process/zipball/52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d", + "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/byte-stream": "^2", + "amphp/sync": "^2", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.4" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php" + ], + "psr-4": { + "Amp\\Process\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Bob Weinand", + "email": "bobwei9@hotmail.com" + }, + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "A fiber-aware process manager based on Amp and Revolt.", + "homepage": "https://amphp.org/process", + "support": { + "issues": "https://github.com/amphp/process/issues", + "source": "https://github.com/amphp/process/tree/v2.0.3" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-04-19T03:13:44+00:00" + }, + { + "name": "amphp/serialization", + "version": "v1.0.0", + "source": { + "type": "git", + "url": "https://github.com/amphp/serialization.git", + "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/serialization/zipball/693e77b2fb0b266c3c7d622317f881de44ae94a1", + "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "dev-master", + "phpunit/phpunit": "^9 || ^8 || ^7" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php" + ], + "psr-4": { + "Amp\\Serialization\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "Serialization tools for IPC and data storage in PHP.", + "homepage": "https://github.com/amphp/serialization", + "keywords": [ + "async", + "asynchronous", + "serialization", + "serialize" + ], + "support": { + "issues": "https://github.com/amphp/serialization/issues", + "source": "https://github.com/amphp/serialization/tree/master" + }, + "time": "2020-03-25T21:39:07+00:00" + }, + { + "name": "amphp/socket", + "version": "v2.3.1", + "source": { + "type": "git", + "url": "https://github.com/amphp/socket.git", + "reference": "58e0422221825b79681b72c50c47a930be7bf1e1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/socket/zipball/58e0422221825b79681b72c50c47a930be7bf1e1", + "reference": "58e0422221825b79681b72c50c47a930be7bf1e1", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/byte-stream": "^2", + "amphp/dns": "^2", + "ext-openssl": "*", + "kelunik/certificate": "^1.1", + "league/uri": "^6.5 | ^7", + "league/uri-interfaces": "^2.3 | ^7", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "amphp/process": "^2", + "phpunit/phpunit": "^9", + "psalm/phar": "5.20" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php", + "src/Internal/functions.php", + "src/SocketAddress/functions.php" + ], + "psr-4": { + "Amp\\Socket\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Daniel Lowrey", + "email": "rdlowrey@gmail.com" + }, + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "Non-blocking socket connection / server implementations based on Amp and Revolt.", + "homepage": "https://github.com/amphp/socket", + "keywords": [ + "amp", + "async", + "encryption", + "non-blocking", + "sockets", + "tcp", + "tls" + ], + "support": { + "issues": "https://github.com/amphp/socket/issues", + "source": "https://github.com/amphp/socket/tree/v2.3.1" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-04-21T14:33:03+00:00" + }, + { + "name": "amphp/sync", + "version": "v2.3.0", + "source": { + "type": "git", + "url": "https://github.com/amphp/sync.git", + "reference": "217097b785130d77cfcc58ff583cf26cd1770bf1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/amphp/sync/zipball/217097b785130d77cfcc58ff583cf26cd1770bf1", + "reference": "217097b785130d77cfcc58ff583cf26cd1770bf1", + "shasum": "" + }, + "require": { + "amphp/amp": "^3", + "amphp/pipeline": "^1", + "amphp/serialization": "^1", + "php": ">=8.1", + "revolt/event-loop": "^1 || ^0.2" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "amphp/phpunit-util": "^3", + "phpunit/phpunit": "^9", + "psalm/phar": "5.23" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php" + ], + "psr-4": { + "Amp\\Sync\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + }, + { + "name": "Stephen Coakley", + "email": "me@stephencoakley.com" + } + ], + "description": "Non-blocking synchronization primitives for PHP based on Amp and Revolt.", + "homepage": "https://github.com/amphp/sync", + "keywords": [ + "async", + "asynchronous", + "mutex", + "semaphore", + "synchronization" + ], + "support": { + "issues": "https://github.com/amphp/sync/issues", + "source": "https://github.com/amphp/sync/tree/v2.3.0" + }, + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2024-08-03T19:31:26+00:00" }, { "name": "composer/package-versions-deprecated", @@ -2171,6 +2819,102 @@ ], "time": "2024-05-06T16:37:16+00:00" }, + { + "name": "danog/advanced-json-rpc", + "version": "v3.2.2", + "source": { + "type": "git", + "url": "https://github.com/danog/php-advanced-json-rpc.git", + "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/aadb1c4068a88c3d0530cfe324b067920661efcb", + "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb", + "shasum": "" + }, + "require": { + "netresearch/jsonmapper": "^5", + "php": ">=8.1", + "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0" + }, + "replace": { + "felixfbecker/php-advanced-json-rpc": "^3" + }, + "require-dev": { + "phpunit/phpunit": "^9" + }, + "type": "library", + "autoload": { + "psr-4": { + "AdvancedJsonRpc\\": "lib/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "ISC" + ], + "authors": [ + { + "name": "Felix Becker", + "email": "felix.b@outlook.com" + }, + { + "name": "Daniil Gentili", + "email": "daniil@daniil.it" + } + ], + "description": "A more advanced JSONRPC implementation", + "support": { + "issues": "https://github.com/danog/php-advanced-json-rpc/issues", + "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.2" + }, + "time": "2025-02-14T10:55:15+00:00" + }, + { + "name": "daverandom/libdns", + "version": "v2.1.0", + "source": { + "type": "git", + "url": "https://github.com/DaveRandom/LibDNS.git", + "reference": "b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/DaveRandom/LibDNS/zipball/b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a", + "reference": "b84c94e8fe6b7ee4aecfe121bfe3b6177d303c8a", + "shasum": "" + }, + "require": { + "ext-ctype": "*", + "php": ">=7.1" + }, + "suggest": { + "ext-intl": "Required for IDN support" + }, + "type": "library", + "autoload": { + "files": [ + "src/functions.php" + ], + "psr-4": { + "LibDNS\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "DNS protocol implementation written in pure PHP", + "keywords": [ + "dns" + ], + "support": { + "issues": "https://github.com/DaveRandom/LibDNS/issues", + "source": "https://github.com/DaveRandom/LibDNS/tree/v2.1.0" + }, + "time": "2024-04-12T12:12:48+00:00" + }, { "name": "dnoegel/php-xdg-base-dir", "version": "v0.1.1", @@ -2256,51 +3000,6 @@ }, "time": "2025-04-07T20:06:18+00:00" }, - { - "name": "felixfbecker/advanced-json-rpc", - "version": "v3.2.1", - "source": { - "type": "git", - "url": "https://github.com/felixfbecker/php-advanced-json-rpc.git", - "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/felixfbecker/php-advanced-json-rpc/zipball/b5f37dbff9a8ad360ca341f3240dc1c168b45447", - "reference": "b5f37dbff9a8ad360ca341f3240dc1c168b45447", - "shasum": "" - }, - "require": { - "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0", - "php": "^7.1 || ^8.0", - "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0" - }, - "require-dev": { - "phpunit/phpunit": "^7.0 || ^8.0" - }, - "type": "library", - "autoload": { - "psr-4": { - "AdvancedJsonRpc\\": "lib/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "ISC" - ], - "authors": [ - { - "name": "Felix Becker", - "email": "felix.b@outlook.com" - } - ], - "description": "A more advanced JSONRPC implementation", - "support": { - "issues": "https://github.com/felixfbecker/php-advanced-json-rpc/issues", - "source": "https://github.com/felixfbecker/php-advanced-json-rpc/tree/v3.2.1" - }, - "time": "2021-06-11T22:34:44+00:00" - }, { "name": "felixfbecker/language-server-protocol", "version": "v1.5.3", @@ -2419,17 +3118,249 @@ "time": "2024-08-06T10:04:20+00:00" }, { - "name": "netresearch/jsonmapper", - "version": "v4.5.0", + "name": "kelunik/certificate", + "version": "v1.1.3", "source": { "type": "git", - "url": "https://github.com/cweiske/jsonmapper.git", - "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5" + "url": "https://github.com/kelunik/certificate.git", + "reference": "7e00d498c264d5eb4f78c69f41c8bd6719c0199e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8e76efb98ee8b6afc54687045e1b8dba55ac76e5", - "reference": "8e76efb98ee8b6afc54687045e1b8dba55ac76e5", + "url": "https://api.github.com/repos/kelunik/certificate/zipball/7e00d498c264d5eb4f78c69f41c8bd6719c0199e", + "reference": "7e00d498c264d5eb4f78c69f41c8bd6719c0199e", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "php": ">=7.0" + }, + "require-dev": { + "amphp/php-cs-fixer-config": "^2", + "phpunit/phpunit": "^6 | 7 | ^8 | ^9" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Kelunik\\Certificate\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "Access certificate details and transform between different formats.", + "keywords": [ + "DER", + "certificate", + "certificates", + "openssl", + "pem", + "x509" + ], + "support": { + "issues": "https://github.com/kelunik/certificate/issues", + "source": "https://github.com/kelunik/certificate/tree/v1.1.3" + }, + "time": "2023-02-03T21:26:53+00:00" + }, + { + "name": "league/uri", + "version": "7.5.1", + "source": { + "type": "git", + "url": "https://github.com/thephpleague/uri.git", + "reference": "81fb5145d2644324614cc532b28efd0215bda430" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/thephpleague/uri/zipball/81fb5145d2644324614cc532b28efd0215bda430", + "reference": "81fb5145d2644324614cc532b28efd0215bda430", + "shasum": "" + }, + "require": { + "league/uri-interfaces": "^7.5", + "php": "^8.1" + }, + "conflict": { + "league/uri-schemes": "^1.0" + }, + "suggest": { + "ext-bcmath": "to improve IPV4 host parsing", + "ext-fileinfo": "to create Data URI from file contennts", + "ext-gmp": "to improve IPV4 host parsing", + "ext-intl": "to handle IDN host with the best performance", + "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain", + "league/uri-components": "Needed to easily manipulate URI objects components", + "php-64bit": "to improve IPV4 host parsing", + "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.x-dev" + } + }, + "autoload": { + "psr-4": { + "League\\Uri\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ignace Nyamagana Butera", + "email": "nyamsprod@gmail.com", + "homepage": "https://nyamsprod.com" + } + ], + "description": "URI manipulation library", + "homepage": "https://uri.thephpleague.com", + "keywords": [ + "data-uri", + "file-uri", + "ftp", + "hostname", + "http", + "https", + "middleware", + "parse_str", + "parse_url", + "psr-7", + "query-string", + "querystring", + "rfc3986", + "rfc3987", + "rfc6570", + "uri", + "uri-template", + "url", + "ws" + ], + "support": { + "docs": "https://uri.thephpleague.com", + "forum": "https://thephpleague.slack.com", + "issues": "https://github.com/thephpleague/uri-src/issues", + "source": "https://github.com/thephpleague/uri/tree/7.5.1" + }, + "funding": [ + { + "url": "https://github.com/sponsors/nyamsprod", + "type": "github" + } + ], + "time": "2024-12-08T08:40:02+00:00" + }, + { + "name": "league/uri-interfaces", + "version": "7.5.0", + "source": { + "type": "git", + "url": "https://github.com/thephpleague/uri-interfaces.git", + "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/08cfc6c4f3d811584fb09c37e2849e6a7f9b0742", + "reference": "08cfc6c4f3d811584fb09c37e2849e6a7f9b0742", + "shasum": "" + }, + "require": { + "ext-filter": "*", + "php": "^8.1", + "psr/http-factory": "^1", + "psr/http-message": "^1.1 || ^2.0" + }, + "suggest": { + "ext-bcmath": "to improve IPV4 host parsing", + "ext-gmp": "to improve IPV4 host parsing", + "ext-intl": "to handle IDN host with the best performance", + "php-64bit": "to improve IPV4 host parsing", + "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.x-dev" + } + }, + "autoload": { + "psr-4": { + "League\\Uri\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ignace Nyamagana Butera", + "email": "nyamsprod@gmail.com", + "homepage": "https://nyamsprod.com" + } + ], + "description": "Common interfaces and classes for URI representation and interaction", + "homepage": "https://uri.thephpleague.com", + "keywords": [ + "data-uri", + "file-uri", + "ftp", + "hostname", + "http", + "https", + "parse_str", + "parse_url", + "psr-7", + "query-string", + "querystring", + "rfc3986", + "rfc3987", + "rfc6570", + "uri", + "url", + "ws" + ], + "support": { + "docs": "https://uri.thephpleague.com", + "forum": "https://thephpleague.slack.com", + "issues": "https://github.com/thephpleague/uri-src/issues", + "source": "https://github.com/thephpleague/uri-interfaces/tree/7.5.0" + }, + "funding": [ + { + "url": "https://github.com/sponsors/nyamsprod", + "type": "github" + } + ], + "time": "2024-12-08T08:18:47+00:00" + }, + { + "name": "netresearch/jsonmapper", + "version": "v5.0.0", + "source": { + "type": "git", + "url": "https://github.com/cweiske/jsonmapper.git", + "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c", + "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c", "shasum": "" }, "require": { @@ -2465,31 +3396,33 @@ "support": { "email": "cweiske@cweiske.de", "issues": "https://github.com/cweiske/jsonmapper/issues", - "source": "https://github.com/cweiske/jsonmapper/tree/v4.5.0" + "source": "https://github.com/cweiske/jsonmapper/tree/v5.0.0" }, - "time": "2024-09-08T10:13:13+00:00" + "time": "2024-09-08T10:20:00+00:00" }, { "name": "nikic/php-parser", - "version": "v4.19.4", + "version": "v5.4.0", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2" + "reference": "447a020a1f875a434d62f2a401f53b82a396e494" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/715f4d25e225bc47b293a8b997fe6ce99bf987d2", - "reference": "715f4d25e225bc47b293a8b997fe6ce99bf987d2", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/447a020a1f875a434d62f2a401f53b82a396e494", + "reference": "447a020a1f875a434d62f2a401f53b82a396e494", "shasum": "" }, "require": { + "ext-ctype": "*", + "ext-json": "*", "ext-tokenizer": "*", - "php": ">=7.1" + "php": ">=7.4" }, "require-dev": { "ircmaxell/php-yacc": "^0.0.7", - "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0" + "phpunit/phpunit": "^9.0" }, "bin": [ "bin/php-parse" @@ -2497,7 +3430,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "4.9-dev" + "dev-master": "5.0-dev" } }, "autoload": { @@ -2521,9 +3454,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.4" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.4.0" }, - "time": "2024-09-29T15:01:53+00:00" + "time": "2024-12-30T11:07:19+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -2748,30 +3681,102 @@ "time": "2025-02-19T13:28:12+00:00" }, { - "name": "sebastian/diff", - "version": "6.0.2", + "name": "revolt/event-loop", + "version": "v1.0.7", "source": { "type": "git", - "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544" + "url": "https://github.com/revoltphp/event-loop.git", + "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b4ccd857127db5d41a5b676f24b51371d76d8544", - "reference": "b4ccd857127db5d41a5b676f24b51371d76d8544", + "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3", + "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3", "shasum": "" }, "require": { - "php": ">=8.2" + "php": ">=8.1" }, "require-dev": { - "phpunit/phpunit": "^11.0", - "symfony/process": "^4.2 || ^5" + "ext-json": "*", + "jetbrains/phpstorm-stubs": "^2019.3", + "phpunit/phpunit": "^9", + "psalm/phar": "^5.15" }, "type": "library", "extra": { "branch-alias": { - "dev-main": "6.0-dev" + "dev-main": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Revolt\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Aaron Piotrowski", + "email": "aaron@trowski.com" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "ceesjank@gmail.com" + }, + { + "name": "Christian Lück", + "email": "christian@clue.engineering" + }, + { + "name": "Niklas Keller", + "email": "me@kelunik.com" + } + ], + "description": "Rock-solid event loop for concurrent PHP applications.", + "keywords": [ + "async", + "asynchronous", + "concurrency", + "event", + "event-loop", + "non-blocking", + "scheduler" + ], + "support": { + "issues": "https://github.com/revoltphp/event-loop/issues", + "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7" + }, + "time": "2025-01-25T19:27:39+00:00" + }, + { + "name": "sebastian/diff", + "version": "7.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/diff.git", + "reference": "7ab1ea946c012266ca32390913653d844ecd085f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/7ab1ea946c012266ca32390913653d844ecd085f", + "reference": "7ab1ea946c012266ca32390913653d844ecd085f", + "shasum": "" + }, + "require": { + "php": ">=8.3" + }, + "require-dev": { + "phpunit/phpunit": "^12.0", + "symfony/process": "^7.2" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "7.0-dev" } }, "autoload": { @@ -2804,7 +3809,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", "security": "https://github.com/sebastianbergmann/diff/security/policy", - "source": "https://github.com/sebastianbergmann/diff/tree/6.0.2" + "source": "https://github.com/sebastianbergmann/diff/tree/7.0.0" }, "funding": [ { @@ -2812,7 +3817,7 @@ "type": "github" } ], - "time": "2024-07-03T04:53:05+00:00" + "time": "2025-02-07T04:55:46+00:00" }, { "name": "spatie/array-to-xml", @@ -3323,6 +4328,82 @@ ], "time": "2024-09-09T11:45:10+00:00" }, + { + "name": "symfony/polyfill-php84", + "version": "v1.31.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php84.git", + "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/e5493eb51311ab0b1cc2243416613f06ed8f18bd", + "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd", + "shasum": "" + }, + "require": { + "php": ">=7.2" + }, + "type": "library", + "extra": { + "thanks": { + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php84\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 8.4+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php84/tree/v1.31.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-09T12:04:04+00:00" + }, { "name": "symfony/service-contracts", "version": "v3.5.1", @@ -3495,24 +4576,26 @@ }, { "name": "vimeo/psalm", - "version": "5.26.1", + "version": "6.10.1", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0" + "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/d747f6500b38ac4f7dfc5edbcae6e4b637d7add0", - "reference": "d747f6500b38ac4f7dfc5edbcae6e4b637d7add0", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b", + "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b", "shasum": "" }, "require": { - "amphp/amp": "^2.4.2", - "amphp/byte-stream": "^1.5", + "amphp/amp": "^3", + "amphp/byte-stream": "^2", + "amphp/parallel": "^2.3", "composer-runtime-api": "^2", "composer/semver": "^1.4 || ^2.0 || ^3.0", "composer/xdebug-handler": "^2.0 || ^3.0", + "danog/advanced-json-rpc": "^3.1", "dnoegel/php-xdg-base-dir": "^0.1.1", "ext-ctype": "*", "ext-dom": "*", @@ -3521,27 +4604,26 @@ "ext-mbstring": "*", "ext-simplexml": "*", "ext-tokenizer": "*", - "felixfbecker/advanced-json-rpc": "^3.1", - "felixfbecker/language-server-protocol": "^1.5.2", + "felixfbecker/language-server-protocol": "^1.5.3", "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0", - "netresearch/jsonmapper": "^1.0 || ^2.0 || ^3.0 || ^4.0", - "nikic/php-parser": "^4.17", - "php": "^7.4 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0", - "sebastian/diff": "^4.0 || ^5.0 || ^6.0", + "netresearch/jsonmapper": "^5.0", + "nikic/php-parser": "^5.0.0", + "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3", + "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0", "spatie/array-to-xml": "^2.17.0 || ^3.0", - "symfony/console": "^4.1.6 || ^5.0 || ^6.0 || ^7.0", - "symfony/filesystem": "^5.4 || ^6.0 || ^7.0" - }, - "conflict": { - "nikic/php-parser": "4.17.0" + "symfony/console": "^6.0 || ^7.0", + "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3", + "symfony/polyfill-php84": "^1.31.0" }, "provide": { "psalm/psalm": "self.version" }, "require-dev": { - "amphp/phpunit-util": "^2.0", + "amphp/phpunit-util": "^3", "bamarni/composer-bin-plugin": "^1.4", "brianium/paratest": "^6.9", + "danog/class-finder": "^0.4.8", + "dg/bypass-finals": "^1.5", "ext-curl": "*", "mockery/mockery": "^1.5", "nunomaduro/mock-final-classes": "^1.1", @@ -3549,10 +4631,10 @@ "phpstan/phpdoc-parser": "^1.6", "phpunit/phpunit": "^9.6", "psalm/plugin-mockery": "^1.1", - "psalm/plugin-phpunit": "^0.18", + "psalm/plugin-phpunit": "^0.19", "slevomat/coding-standard": "^8.4", "squizlabs/php_codesniffer": "^3.6", - "symfony/process": "^4.4 || ^5.0 || ^6.0 || ^7.0" + "symfony/process": "^6.0 || ^7.0" }, "suggest": { "ext-curl": "In order to send data to shepherd", @@ -3563,6 +4645,7 @@ "psalm-language-server", "psalm-plugin", "psalm-refactor", + "psalm-review", "psalter" ], "type": "project", @@ -3572,7 +4655,9 @@ "dev-2.x": "2.x-dev", "dev-3.x": "3.x-dev", "dev-4.x": "4.x-dev", - "dev-master": "5.x-dev" + "dev-5.x": "5.x-dev", + "dev-6.x": "6.x-dev", + "dev-master": "7.x-dev" } }, "autoload": { @@ -3587,6 +4672,10 @@ "authors": [ { "name": "Matthew Brown" + }, + { + "name": "Daniil Gentili", + "email": "daniil@daniil.it" } ], "description": "A static analysis tool for finding errors in PHP applications", @@ -3601,7 +4690,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2024-09-08T18:53:08+00:00" + "time": "2025-04-21T18:47:37+00:00" }, { "name": "wapmorgan/php-deprecation-detector", @@ -3738,7 +4827,7 @@ "prefer-stable": false, "prefer-lowest": false, "platform": { - "php": "8.3.*", + "php": "8.4.*", "ext-json": "*", "ext-sodium": "*", "ext-curl": "*", diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 5c064bb4..31703b3a 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,2 +1,170 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/php/psalm.xml b/php/psalm.xml index 7a6ca595..cf4c9a44 100644 --- a/php/psalm.xml +++ b/php/psalm.xml @@ -5,6 +5,7 @@ xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd" errorBaseline="psalm-baseline.xml" findUnusedBaselineEntry="true" + findUnusedCode="false" > From 5b5e8b810ccdce55bae905a8001a23c4fbd317b9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 29 Apr 2025 11:43:01 +0200 Subject: [PATCH 0256/1064] Revert "borgbackup: always use the progress option when creating an archive" Signed-off-by: Simon L. --- Containers/borgbackup/backupscript.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index d680071e..602ec586 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -185,7 +185,10 @@ if [ "$BORG_MODE" = backup ]; then # Borg options # auto,zstd compression seems to has the best ratio based on: # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6 - BORG_OPTS=(-v --stats --compression "auto,zstd" --progress) + BORG_OPTS=(-v --stats --compression "auto,zstd") + if [ "$NEW_REPOSITORY" = 1 ]; then + BORG_OPTS+=(--progress) + fi # Exclude the nextcloud log and audit log for GDPR reasons BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found") From 64663d51c04560587f56f6c914d76a85a72fa532 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 29 Apr 2025 14:54:36 +0200 Subject: [PATCH 0257/1064] nextcloud: adjust root.motd occ command docs Signed-off-by: Simon L. --- Containers/nextcloud/root.motd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/root.motd b/Containers/nextcloud/root.motd index d3cae8a9..00cb4805 100644 --- a/Containers/nextcloud/root.motd +++ b/Containers/nextcloud/root.motd @@ -1,4 +1,4 @@ Warning: You have logged in into the Nextcloud container as root user. See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands. -Apart from that, you can use 'sudo -u www-data -E php occ ' in order to run occ commands. +Apart from that, you can use 'sudo -E -u www-data php occ ' in order to run occ commands. Of course needs to be substituted with the command that you want to use. From 7109925d73683cb3431e6066ead6596d0d761993 Mon Sep 17 00:00:00 2001 From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> Date: Wed, 30 Apr 2025 12:06:25 +0000 Subject: [PATCH 0258/1064] Update reverse-proxy.md Hello again! Ruikai Wang from the LiteSpeed team was gracious enough to teach us how it's done, and so, we added it here as well with step by step instructions and images. You can change the text or remove the credits there without asking, so feel free! Thanks for the awesome stuff. Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> --- reverse-proxy.md | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index ea9ac15a..042b948c 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -238,6 +238,91 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it. +### OpenLiteSpeed + +

    + +click here to expand +
    +Here's how you can set up a name-based reverse proxy to your nextcloud on an OpenLiteSpeed server.
    Courtesy of Ruikai Wang from the LiteSpeed team, and Morrow Shore. +

    + +1. Access your OpenLiteSpeed dashboard. + +OpenLiteSpeed panel is installed on port 7080 per default. +
    You can access it by visiting :7080 + +2. Create a new VHost. + +Here's how you can create a new Virtual Host: +![image](https://github.com/user-attachments/assets/703aa010-cf2b-4293-9d12-b6987938c05a) + +3. **Fill in things according to this information.** + +Host root being `/usr/local/lsws/Example/`
    +And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf` + +![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d) + +If you'd like to change the address of Virtual Host Root or Document Root, make sure they actually exist in the server! + +4. Edit the new VHost. + +Now, we must inflict some changes to the Virtual Host we just created, so click on your new VHost! + +![image](https://github.com/user-attachments/assets/2ef76b1f-88bf-4c7a-8fd6-aabf9a699640) + +5. First check the basic tab to make sure everything's alright. + +![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41) + +6. Add these to the general tab. + +![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a) + +7. Create an "External Aplication" + +![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd) + +![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d) + +Fill it out accordingly and save +![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7) + +8. In the same Vhost, Create a "Context" + +![image](https://github.com/user-attachments/assets/80af7dfb-a0be-4b32-93e2-3b2c1d518a3a) + +Set the new Context to proxy and procceed + +![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded) + +Add "/" as URI or address as URI and select your nextcloud web server + +![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696) + +9. Go to the Listener settings + +![image](https://github.com/user-attachments/assets/abfd9637-7dc0-4468-a947-69643f465745) + +Add a new Virtual Host Mapping +![image](https://github.com/user-attachments/assets/235fa088-60e0-43b9-b544-b50cacf5edff) + +Now select your nextcloud VHost and write in your desired address + +![image](https://github.com/user-attachments/assets/99a56408-b2ea-4b20-9eb6-954b8d15b8d5) + +10. Congratulations. + +Just do a gradeful restart by pressing on this green restart icon, and you should be good to go. + +![image](https://github.com/user-attachments/assets/58acfec9-2f55-46ee-9646-69fa61f951f6) + + + +
    + + ### Citrix ADC VPX / Citrix Netscaler
    From 36d802945778b827fb59bb70164e740ca3458eed Mon Sep 17 00:00:00 2001 From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> Date: Wed, 30 Apr 2025 12:21:02 +0000 Subject: [PATCH 0259/1064] Update reverse-proxy.md Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> --- reverse-proxy.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 042b948c..1200ddbb 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -260,7 +260,8 @@ Here's how you can create a new Virtual Host: 3. **Fill in things according to this information.** Host root being `/usr/local/lsws/Example/`
    -And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf` +And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf`
    +And enable both Restrained and Scripts/ExtApps ![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d) @@ -276,7 +277,9 @@ Now, we must inflict some changes to the Virtual Host we just created, so click ![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41) -6. Add these to the general tab. +6. Add Document Root and Domain Name in the general tab.
    +The document Root should be `/usr/local/lsws/nextcloud/html/`
    +And the domain name should be where you'd like your nextcloud to be! ![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a) @@ -284,9 +287,13 @@ Now, we must inflict some changes to the Virtual Host we just created, so click ![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd) +Select Web Server and procceed + ![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d) -Fill it out accordingly and save +Name it `nextcloud`
    +Define the address as the default `127.0.0.1:11000`, or what you selected during installation + ![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7) 8. In the same Vhost, Create a "Context" @@ -297,7 +304,7 @@ Set the new Context to proxy and procceed ![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded) -Add "/" as URI or address as URI and select your nextcloud web server +Add "/" as URI, and select your nextcloud web server ![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696) From 2f64d7e608ddc6968c4fbc0645e7b094001e5e24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 May 2025 04:59:26 +0000 Subject: [PATCH 0260/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.13.3.1 to 25.04.1.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.1.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 098e2cd5..4a698f86 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:24.04.13.3.1 +FROM collabora/code:25.04.1.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From bee7449718a091b999500ab4ca48d1cbb5a14c79 Mon Sep 17 00:00:00 2001 From: Oleksii Zolotarevskyi <15846984+roundoutandabout@users.noreply.github.com> Date: Thu, 1 May 2025 21:37:32 +0200 Subject: [PATCH 0261/1064] Update readme.md Signed-off-by: Oleksii Zolotarevskyi <15846984+roundoutandabout@users.noreply.github.com> --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index e85912c6..c44b8f83 100644 --- a/readme.md +++ b/readme.md @@ -667,7 +667,7 @@ You can edit Nextclouds config.php file directly from the host with your favorit All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration. To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory). ### How to adjust the version retention policy and trashbin retention policy? -By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html. +By default, AIO sets the `versions_retention_obligation` and `trashbin_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html. ### How to enable automatic updates without creating a backup beforehand? If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. From 34e7039e3668f6657cdbb75385754ba1baefcfa7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 May 2025 05:01:00 +0000 Subject: [PATCH 0262/1064] build(deps): bump eturnal/eturnal in /Containers/talk Bumps eturnal/eturnal from 1.12.1 to 1.12.2. --- updated-dependencies: - dependency-name: eturnal/eturnal dependency-version: 1.12.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index ca4a7a89..b9fe8645 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest FROM nats:2.11.2-scratch AS nats -FROM eturnal/eturnal:1.12.1 AS eturnal +FROM eturnal/eturnal:1.12.2 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 7197ba184f9da8b32c37bf93d4c734657c58aeb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 May 2025 07:12:52 +0000 Subject: [PATCH 0263/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.2-scratch to 2.11.3-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.3-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index b9fe8645..0605fdad 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.2-scratch AS nats +FROM nats:2.11.3-scratch AS nats FROM eturnal/eturnal:1.12.2 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 75d5a92ed5c2ee3edbbcc41ab79542e825b6d526 Mon Sep 17 00:00:00 2001 From: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> Date: Fri, 2 May 2025 11:53:28 +0000 Subject: [PATCH 0264/1064] OpenLiteSpeed Guide Linked Just Linked the OLS guide as asked! Signed-off-by: Morrow Shore <97566823+MorrowShore@users.noreply.github.com> --- reverse-proxy.md | 84 +----------------------------------------------- 1 file changed, 1 insertion(+), 83 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 1200ddbb..27ee04eb 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -243,93 +243,11 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
    click here to expand -
    -Here's how you can set up a name-based reverse proxy to your nextcloud on an OpenLiteSpeed server.
    Courtesy of Ruikai Wang from the LiteSpeed team, and Morrow Shore. -

    - -1. Access your OpenLiteSpeed dashboard. - -OpenLiteSpeed panel is installed on port 7080 per default. -
    You can access it by visiting :7080 - -2. Create a new VHost. - -Here's how you can create a new Virtual Host: -![image](https://github.com/user-attachments/assets/703aa010-cf2b-4293-9d12-b6987938c05a) - -3. **Fill in things according to this information.** - -Host root being `/usr/local/lsws/Example/`
    -And the config being `/usr/local/lsws/conf/vhosts/nextcloud.conf`
    -And enable both Restrained and Scripts/ExtApps - -![image](https://github.com/user-attachments/assets/4bf59f89-c558-4b61-84f4-a07bcfadcb9d) - -If you'd like to change the address of Virtual Host Root or Document Root, make sure they actually exist in the server! - -4. Edit the new VHost. - -Now, we must inflict some changes to the Virtual Host we just created, so click on your new VHost! - -![image](https://github.com/user-attachments/assets/2ef76b1f-88bf-4c7a-8fd6-aabf9a699640) - -5. First check the basic tab to make sure everything's alright. - -![image](https://github.com/user-attachments/assets/a011d8e5-28f8-463a-9ebb-dd4c4b6aaa41) - -6. Add Document Root and Domain Name in the general tab.
    -The document Root should be `/usr/local/lsws/nextcloud/html/`
    -And the domain name should be where you'd like your nextcloud to be! - -![image](https://github.com/user-attachments/assets/6b27033d-d60a-4e27-8dfb-b0d9f128702a) - -7. Create an "External Aplication" - -![image](https://github.com/user-attachments/assets/43c92804-8ef5-4b29-bdfa-71d7ff2dddfd) - -Select Web Server and procceed - -![image](https://github.com/user-attachments/assets/4480d39b-dd92-4327-854c-864d2a58b29d) - -Name it `nextcloud`
    -Define the address as the default `127.0.0.1:11000`, or what you selected during installation - -![image](https://github.com/user-attachments/assets/d20a4d5f-753b-44e7-9408-8ee675b70ce7) - -8. In the same Vhost, Create a "Context" - -![image](https://github.com/user-attachments/assets/80af7dfb-a0be-4b32-93e2-3b2c1d518a3a) - -Set the new Context to proxy and procceed - -![image](https://github.com/user-attachments/assets/91700c47-3d9b-4a05-a99e-38ddea6fcded) - -Add "/" as URI, and select your nextcloud web server - -![image](https://github.com/user-attachments/assets/2e0fd085-b9e5-4df7-927d-24eb22487696) - -9. Go to the Listener settings - -![image](https://github.com/user-attachments/assets/abfd9637-7dc0-4468-a947-69643f465745) - -Add a new Virtual Host Mapping -![image](https://github.com/user-attachments/assets/235fa088-60e0-43b9-b544-b50cacf5edff) - -Now select your nextcloud VHost and write in your desired address - -![image](https://github.com/user-attachments/assets/99a56408-b2ea-4b20-9eb6-954b8d15b8d5) - -10. Congratulations. - -Just do a gradeful restart by pressing on this green restart icon, and you should be good to go. - -![image](https://github.com/user-attachments/assets/58acfec9-2f55-46ee-9646-69fa61f951f6) - +You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https://github.com/nextcloud/all-in-one/discussions/6370
    - ### Citrix ADC VPX / Citrix Netscaler
    From f795742b394bf4e35bbd08922f745d6f2c882456 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 2 May 2025 13:59:02 +0200 Subject: [PATCH 0265/1064] increase to v10.14.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index c3884fa3..769f70d9 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.13.0

    +

    Nextcloud AIO v10.14.0

    {# Add 2nd tab warning #} From 4584b7887732c85ed2c8fbf5940c37aacd9d3720 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 2 May 2025 14:02:39 +0200 Subject: [PATCH 0266/1064] Revert "build(deps): bump collabora/code from 24.04.13.3.1 to 25.04.1.1.1 in /Containers/collabora" --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 4a698f86..098e2cd5 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.1.1.1 +FROM collabora/code:24.04.13.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From f49a0f0b696b607a7d8233938a35ca547bcd0395 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 2 May 2025 14:32:58 +0200 Subject: [PATCH 0267/1064] Revert "build(deps): bump eturnal/eturnal from 1.12.1 to 1.12.2 in /Containers/talk" Signed-off-by: Simon L. --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 0605fdad..d85d3305 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest FROM nats:2.11.3-scratch AS nats -FROM eturnal/eturnal:1.12.2 AS eturnal +FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling FROM alpine:3.21.3 AS janus From 69bd0bde4975ce142ab13885b7ebbbea89dc7a0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 May 2025 04:27:11 +0000 Subject: [PATCH 0268/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.2-alpine3.21 to 1.24.3-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.3-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 08b03bd7..11928b93 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.2-alpine3.21 AS go +FROM golang:1.24.3-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From 30e09a0d3165d8276bfeb13e51d97c5e30dcf3e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 May 2025 04:27:57 +0000 Subject: [PATCH 0269/1064] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.24.2-alpine3.21 to 1.24.3-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.3-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 2f204010..90d18aeb 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.2-alpine3.21 AS go +FROM golang:1.24.3-alpine3.21 AS go RUN set -ex; \ apk upgrade --no-cache -a; \ From efce94a6efb13393e5d2fda0fdf66163b080942a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 2 May 2025 15:47:58 +0200 Subject: [PATCH 0270/1064] helm: automatically enforce RPSS if configured Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 2 +- nextcloud-aio-helm-chart/update-helm.sh | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index acce2637..9b261a78 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -19,7 +19,7 @@ jobs: DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG set +x - if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then + if [ -n "$DOCKER_TAG" ] && ! grep -q "aio-nextcloud:$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi - name: Create Pull Request diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 01c07bad..90e17af4 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -259,6 +259,15 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/ find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; # shellcheck disable=SC1083 find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \; +# Additional config +cat << EOL > /tmp/additional-namespace.config + {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} + labels: + pod-security.kubernetes.io/enforce: restricted + {{- end }} +EOL +# shellcheck disable=SC1083 +find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config" \{} \; # shellcheck disable=SC1083 find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; # shellcheck disable=SC1083 From cffc7cf8a7ed40740fac80cc4fcbdbff20cdc8a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 May 2025 04:41:09 +0000 Subject: [PATCH 0271/1064] build(deps): bump strukturag/nextcloud-spreed-signaling Bumps strukturag/nextcloud-spreed-signaling from 2.0.2 to 2.0.3. --- updated-dependencies: - dependency-name: strukturag/nextcloud-spreed-signaling dependency-version: 2.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index d85d3305..56402efc 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM nats:2.11.3-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal -FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling +FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.21.3 AS janus ARG JANUS_VERSION=v1.3.1 From c306ec7351c7eb6d4c6effcab816591a9ecf1715 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 8 May 2025 12:02:01 +0200 Subject: [PATCH 0272/1064] containers.json: always add chown cap to collabora Signed-off-by: Simon L. --- php/containers.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index d87fe9ca..38fdb09a 100644 --- a/php/containers.json +++ b/php/containers.json @@ -393,7 +393,8 @@ ], "cap_add": [ "MKNOD", - "SYS_ADMIN" + "SYS_ADMIN", + "CHOWN" ], "cap_drop": [ "NET_RAW" From 7b92179c2423bd8420e41cb4a328b6b002e9c528 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 8 May 2025 12:03:10 +0000 Subject: [PATCH 0273/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 87 ++++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 43 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index b1de606a..0d5922a2 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1398,7 +1398,7 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", @@ -1457,7 +1457,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0" }, "funding": [ { @@ -1477,19 +1477,20 @@ }, { "name": "symfony/polyfill-mbstring", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341" + "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341", - "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493", + "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493", "shasum": "" }, "require": { + "ext-iconv": "*", "php": ">=7.2" }, "provide": { @@ -1537,7 +1538,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0" }, "funding": [ { @@ -1553,11 +1554,11 @@ "type": "tidelift" } ], - "time": "2024-09-09T11:45:10+00:00" + "time": "2024-12-23T08:48:59+00:00" }, { "name": "symfony/polyfill-php81", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", @@ -1613,7 +1614,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.32.0" }, "funding": [ { @@ -1633,16 +1634,16 @@ }, { "name": "twig/twig", - "version": "v3.20.0", + "version": "v3.21.1", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "3468920399451a384bef53cf7996965f7cd40183" + "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/3468920399451a384bef53cf7996965f7cd40183", - "reference": "3468920399451a384bef53cf7996965f7cd40183", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d", + "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d", "shasum": "" }, "require": { @@ -1696,7 +1697,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.20.0" + "source": "https://github.com/twigphp/Twig/tree/v3.21.1" }, "funding": [ { @@ -1708,7 +1709,7 @@ "type": "tidelift" } ], - "time": "2025-02-13T08:34:43+00:00" + "time": "2025-05-03T07:21:55+00:00" } ], "packages-dev": [ @@ -3947,16 +3948,16 @@ }, { "name": "symfony/console", - "version": "v6.4.20", + "version": "v6.4.21", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36" + "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/2e4af9c952617cc3f9559ff706aee420a8464c36", - "reference": "2e4af9c952617cc3f9559ff706aee420a8464c36", + "url": "https://api.github.com/repos/symfony/console/zipball/a3011c7b7adb58d89f6c0d822abb641d7a5f9719", + "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719", "shasum": "" }, "require": { @@ -4021,7 +4022,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.20" + "source": "https://github.com/symfony/console/tree/v6.4.21" }, "funding": [ { @@ -4037,7 +4038,7 @@ "type": "tidelift" } ], - "time": "2025-03-03T17:16:38+00:00" + "time": "2025-04-07T15:42:41+00:00" }, { "name": "symfony/filesystem", @@ -4171,7 +4172,7 @@ }, { "name": "symfony/polyfill-intl-grapheme", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-grapheme.git", @@ -4229,7 +4230,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.32.0" }, "funding": [ { @@ -4249,7 +4250,7 @@ }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", @@ -4310,7 +4311,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0" }, "funding": [ { @@ -4330,16 +4331,16 @@ }, { "name": "symfony/polyfill-php84", - "version": "v1.31.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php84.git", - "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd" + "reference": "000df7860439609837bbe28670b0be15783b7fbf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/e5493eb51311ab0b1cc2243416613f06ed8f18bd", - "reference": "e5493eb51311ab0b1cc2243416613f06ed8f18bd", + "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/000df7860439609837bbe28670b0be15783b7fbf", + "reference": "000df7860439609837bbe28670b0be15783b7fbf", "shasum": "" }, "require": { @@ -4386,7 +4387,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php84/tree/v1.31.0" + "source": "https://github.com/symfony/polyfill-php84/tree/v1.32.0" }, "funding": [ { @@ -4402,7 +4403,7 @@ "type": "tidelift" } ], - "time": "2024-09-09T12:04:04+00:00" + "time": "2025-02-20T12:04:08+00:00" }, { "name": "symfony/service-contracts", @@ -4489,16 +4490,16 @@ }, { "name": "symfony/string", - "version": "v7.2.0", + "version": "v7.2.6", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82" + "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/446e0d146f991dde3e73f45f2c97a9faad773c82", - "reference": "446e0d146f991dde3e73f45f2c97a9faad773c82", + "url": "https://api.github.com/repos/symfony/string/zipball/a214fe7d62bd4df2a76447c67c6b26e1d5e74931", + "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931", "shasum": "" }, "require": { @@ -4556,7 +4557,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.2.0" + "source": "https://github.com/symfony/string/tree/v7.2.6" }, "funding": [ { @@ -4572,20 +4573,20 @@ "type": "tidelift" } ], - "time": "2024-11-13T13:31:26+00:00" + "time": "2025-04-20T20:18:16+00:00" }, { "name": "vimeo/psalm", - "version": "6.10.1", + "version": "6.10.3", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b" + "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b", - "reference": "f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/90b5b9f5e7c8e441b191d3c82c58214753d7c7c1", + "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1", "shasum": "" }, "require": { @@ -4690,7 +4691,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-04-21T18:47:37+00:00" + "time": "2025-05-05T18:23:39+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From 61ccc553aac9bd9293471dab68567b7728d07280 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 May 2025 05:02:17 +0000 Subject: [PATCH 0274/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.6-fpm-alpine3.21 to 8.4.7-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.7-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f9ae4118..06971642 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.1.1-cli AS docker FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile -FROM php:8.4.6-fpm-alpine3.21 +FROM php:8.4.7-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 From 89b9400e683190f4ead6ad97c0f37c86fef6ecc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 May 2025 05:02:36 +0000 Subject: [PATCH 0275/1064] build(deps): bump postgres in /Containers/postgresql Bumps postgres from 16.8-alpine to 16.9-alpine. --- updated-dependencies: - dependency-name: postgres dependency-version: 16.9-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/postgresql/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 7abeaedb..462b3069 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile -FROM postgres:16.8-alpine +FROM postgres:16.9-alpine COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From ddb9b179bde4a89f58a784c00f0165927a59df3c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 9 May 2025 10:06:56 +0200 Subject: [PATCH 0276/1064] talk-recording: add NC_PROTOCOL variable to separate from HPB_PROTOCOL Signed-off-by: Simon L. --- Containers/talk-recording/Dockerfile | 1 + Containers/talk-recording/start.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index bfdc1f59..aac488f5 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -7,6 +7,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh ENV RECORDING_VERSION=v0.1 ENV ALLOW_ALL=false ENV HPB_PROTOCOL=https +ENV NC_PROTOCOL=https ENV SKIP_VERIFY=false ENV HPB_PATH=/standalone-signaling/ diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh index c73b7ea1..a03eed04 100644 --- a/Containers/talk-recording/start.sh +++ b/Containers/talk-recording/start.sh @@ -39,7 +39,7 @@ videoheight = 1080 directory = /tmp [backend-1] -url = ${HPB_PROTOCOL}://${NC_DOMAIN} +url = ${NC_PROTOCOL}://${NC_DOMAIN} secret = ${RECORDING_SECRET} skipverify = ${SKIP_VERIFY} From c14b5f55902aae81f2b36312090fbb9ed3871980 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 04:50:22 +0000 Subject: [PATCH 0277/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.18.0 to 8.18.1. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.18.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 48a764f5..161c7761 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.18.0 +FROM elasticsearch:8.18.1 USER root From 9f44eb91cd64fcca8959b6b205c45589e3392f4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 04:51:07 +0000 Subject: [PATCH 0278/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.20-fpm-alpine3.21 to 8.3.21-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.21-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 540c4e00..d6ec5a16 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.20-fpm-alpine3.21 +FROM php:8.3.21-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 96a7bb0c22ca8b7c5f3fc4cfbc36d932a2f48f24 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 12 May 2025 08:33:50 +0000 Subject: [PATCH 0279/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-namespace-namespace.yaml | 4 ++++ .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 15 files changed, 23 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index f0ce6c79..9bc9d986 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.13.0 +version: 10.14.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index caadb3bb..aa1a58ac 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-apache:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index a4da3bf9..7fd39530 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-clamav:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index c3711fa7..c509942d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-collabora:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 43263de6..ac2ea818 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index b0d04339..95c7839a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 384d5b05..20623b94 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml index cf705b7c..212715e9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml @@ -4,4 +4,8 @@ kind: Namespace metadata: name: "{{ .Values.NAMESPACE }}" namespace: "{{ .Values.NAMESPACE }}" + {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} + labels: + pod-security.kubernetes.io/enforce: restricted + {{- end }} {{- end }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index d0f05f04..dcf038dc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250512_082954 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index fcd5618e..ba26b28b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c2a3c1be..2b61ab57 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 51141e1d..7bae7aab 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-redis:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 16d52411..f9ace872 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-talk:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 57515214..408ae147 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250512_082954 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index d5be0d85..17f26c12 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250424_092733 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250512_082954 readinessProbe: exec: command: From e6df8699904347fdb988cbe43850570585e12e74 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 12 May 2025 12:03:46 +0000 Subject: [PATCH 0280/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index a8bdb0be..04ac9193 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -264,6 +264,7 @@ services: cap_add: - MKNOD - SYS_ADMIN + - CHOWN cap_drop: - NET_RAW From 076b923f3d35a494a443eef59859dd23cb55650f Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Tue, 13 May 2025 04:11:07 +0000 Subject: [PATCH 0281/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 31703b3a..95ad3803 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From 74e4db570b07666dd6d261a71936b81c77a6ba71 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 15 May 2025 12:13:14 +0000 Subject: [PATCH 0282/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index d6ec5a16..5b6aa8d6 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.10 +ENV NEXTCLOUD_VERSION=30.0.11 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 6c49505b067f8aa0e60df62160190ebef116bde0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 May 2025 05:07:04 +0000 Subject: [PATCH 0283/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 24.04.13.3.1 to 25.04.2.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.2.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 098e2cd5..0e37c0b6 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:24.04.13.3.1 +FROM collabora/code:25.04.2.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 5536121899eefcbadc3e388bfae5718baf2bbcd9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 19 May 2025 14:31:29 +0200 Subject: [PATCH 0284/1064] add `org.label-schema.vendor="Nextcloud"` label to all containers Signed-off-by: Simon L. --- Containers/alpine/Dockerfile | 2 ++ Containers/apache/Dockerfile | 3 ++- Containers/borgbackup/Dockerfile | 3 ++- Containers/clamav/Dockerfile | 3 ++- Containers/collabora/Dockerfile | 3 ++- Containers/docker-socket-proxy/Dockerfile | 3 ++- Containers/domaincheck/Dockerfile | 3 ++- Containers/fulltextsearch/Dockerfile | 3 ++- Containers/imaginary/Dockerfile | 5 +++-- Containers/mastercontainer/Dockerfile | 2 ++ Containers/nextcloud/Dockerfile | 3 ++- Containers/notify-push/Dockerfile | 3 ++- Containers/onlyoffice/Dockerfile | 3 ++- Containers/postgresql/Dockerfile | 3 ++- Containers/redis/Dockerfile | 3 ++- Containers/talk-recording/Dockerfile | 3 ++- Containers/talk/Dockerfile | 3 ++- Containers/watchtower/Dockerfile | 3 ++- Containers/whiteboard/Dockerfile | 3 ++- 19 files changed, 39 insertions(+), 18 deletions(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index b690b530..8d180272 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -3,3 +3,5 @@ FROM alpine:3.21.3 RUN set -ex; \ apk upgrade --no-cache -a + +LABEL org.label-schema.vendor="Nextcloud" diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index aeb3b12d..615aeca4 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -87,4 +87,5 @@ ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index d2f78df2..70d2ea11 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -23,5 +23,6 @@ ENTRYPOINT ["/start.sh"] # hadolint ignore=DL3002 USER root -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6" diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index e79d452d..f371ffd5 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -21,5 +21,6 @@ USER 100 VOLUME /var/lib/clamav ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 098e2cd5..93e4a86e 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -19,4 +19,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh USER 1001 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 1480d292..a3babe4c 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -18,4 +18,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index d36a2611..9b248e39 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -17,4 +17,5 @@ USER www-data ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1 -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 161c7761..364dd205 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -21,5 +21,6 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh USER 1000:0 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" ENV ES_JAVA_OPTS="-Xms512M -Xmx512M" diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 11928b93..58866e00 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.24.3-alpine3.21 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ apk upgrade --no-cache -a; \ @@ -42,4 +42,5 @@ ENV MALLOC_ARENA_MAX=2 ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 06971642..bb1c2fd6 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -122,6 +122,8 @@ COPY --chmod=664 Caddyfile /Caddyfile COPY --chmod=664 supervisord.conf /supervisord.conf COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf +LABEL org.label-schema.vendor="Nextcloud" + # hadolint ignore=DL3002 USER root diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 5b6aa8d6..23c7db8a 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -265,4 +265,5 @@ ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 15fd98a0..18cbc0c4 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -21,4 +21,5 @@ USER 33 ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index b7da779e..97587907 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -7,4 +7,5 @@ FROM onlyoffice/documentserver:8.3.3.1 COPY --chmod=775 healthcheck.sh /healthcheck.sh HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 462b3069..e32cc146 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -43,4 +43,5 @@ USER 999 ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 2181f47a..03399c9a 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -20,4 +20,5 @@ USER 999 ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index aac488f5..ab4100a9 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -57,4 +57,5 @@ ENTRYPOINT ["/start.sh"] CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 56402efc..24d7a53c 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -105,4 +105,5 @@ ENTRYPOINT ["/start.sh"] CMD ["supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 90d18aeb..6daf4f10 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -21,4 +21,5 @@ COPY --chmod=775 start.sh /start.sh USER root ENTRYPOINT ["/start.sh"] -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index c208a403..41f27704 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -18,4 +18,5 @@ WORKDIR /tmp ENTRYPOINT ["/start.sh"] -LABEL com.centurylinklabs.watchtower.enable="false" +LABEL com.centurylinklabs.watchtower.enable="false" \ + org.label-schema.vendor="Nextcloud" From b94d8073287a4f0befc7c05950ada5cdceba1cf0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 19 May 2025 14:56:58 +0200 Subject: [PATCH 0285/1064] increase to 10.15.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 769f70d9..fe83cc61 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.14.0

    +

    Nextcloud AIO v10.15.0

    {# Add 2nd tab warning #} From b73419c4dadc50842bff513c1a0ebc9ba7913a2e Mon Sep 17 00:00:00 2001 From: Florian Wallner Date: Tue, 20 May 2025 20:46:25 +0200 Subject: [PATCH 0286/1064] Update readme.md Fix broken link Signed-off-by: Florian Wallner --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index c44b8f83..0c6e9563 100644 --- a/readme.md +++ b/readme.md @@ -820,7 +820,7 @@ Backing up directly to a remote borg repository is supported. This avoids having Some alternatives, which do not have all the above benefits: - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory -- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive) +- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-local-backups-regularly-to-another-drive) - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247 - Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand) From 25da732d82b6464a38a4cfd15755a6c3fca035c4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 21 May 2025 14:43:44 +0200 Subject: [PATCH 0287/1064] nextcloud: increase apc.shm_size to 64M to match the docker default shm-size Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 23c7db8a..4bf06f44 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -118,7 +118,10 @@ RUN set -ex; \ echo 'opcache.jit_buffer_size=8M'; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ \ - echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ + { \ + echo 'apc.enable_cli=1'; \ + echo 'apc.shm_size=64M'; \ + } >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ \ { \ echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ From bf61090568b5adc88c59527a19047e382e0e8c20 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 22 May 2025 12:03:18 +0000 Subject: [PATCH 0288/1064] imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 58866e00..9e6ce5b7 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.24.3-alpine3.21 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ apk upgrade --no-cache -a; \ From 1afe2afed08efbe358d69c341f16c8861af30705 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 22 May 2025 12:03:18 +0000 Subject: [PATCH 0289/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 0d5922a2..9bc4e45d 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4577,16 +4577,16 @@ }, { "name": "vimeo/psalm", - "version": "6.10.3", + "version": "6.11.0", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1" + "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/90b5b9f5e7c8e441b191d3c82c58214753d7c7c1", - "reference": "90b5b9f5e7c8e441b191d3c82c58214753d7c7c1", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0", + "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0", "shasum": "" }, "require": { @@ -4691,7 +4691,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-05-05T18:23:39+00:00" + "time": "2025-05-12T11:30:26+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From a18371c0742adece0a81fea3a4dd02c481390a8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 May 2025 04:51:55 +0000 Subject: [PATCH 0290/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.3-scratch to 2.11.4-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.4-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 24d7a53c..a84864cc 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.3-scratch AS nats +FROM nats:2.11.4-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.21.3 AS janus From 12340a7ce9066c57065afb658635a90a7ca56950 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 11:11:44 +0200 Subject: [PATCH 0291/1064] adjust instructions how to promote builds from beta to latest Signed-off-by: Simon L. --- develop.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/develop.md b/develop.md index 6f84b2d4..b6aa031d 100644 --- a/develop.md +++ b/develop.md @@ -41,8 +41,9 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m ## How to promote builds from beta to latest +1. Verify that GitHub Services are running correctly: https://www.githubstatus.com/ 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml -2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`. +1. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`. ## How to connect to the database? Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in. From 43d16a3b25d3f772d5aaf34e1960cc158ce4ac3a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:28:09 +0200 Subject: [PATCH 0292/1064] nextcloud: remove workaround to update logic in entrypoint Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index e84636dc..23450c07 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -105,20 +105,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then # Write output to logfile. exec > >(tee -i "/var/www/html/data/update.log") exec 2>&1 - # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first - touch "$NEXTCLOUD_DATA_DIR/update.failed" - if ! version_greater "$installed_version" "28.0.1.20"; then - php /var/www/html/updater/updater.phar --no-interaction --no-backup - if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then - echo "Upgrade failed. Please restore from backup." - bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!" - exit 1 - fi - rm "$NEXTCLOUD_DATA_DIR/update.failed" - # shellcheck disable=SC2016 - installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" - INSTALLED_MAJOR="${installed_version%%.*}" - fi fi if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then From 117a5dfd344bf4d45aa23979dc91dbbdb5d449ae Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:31:31 +0200 Subject: [PATCH 0293/1064] app: increase version to allow nc31 Signed-off-by: Simon L. --- app/appinfo/info.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml index 43c22ebd..069786d8 100644 --- a/app/appinfo/info.xml +++ b/app/appinfo/info.xml @@ -5,7 +5,7 @@ Nextcloud All-in-One Provides a login link for admins. Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface - 0.7.0 + 0.8.0 agpl Azul AllInOne @@ -13,7 +13,7 @@ monitoring https://github.com/nextcloud/all-in-one/issues - + From c509ce6c8f39499d6934ee10683865cd48c2e6ba Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:33:31 +0200 Subject: [PATCH 0294/1064] nextcloud: add pandoc to container Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 4bf06f44..8f8bb553 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -227,6 +227,7 @@ RUN set -ex; \ grep \ nodejs \ libreoffice \ + pandoc-cli \ bind-tools \ imagemagick \ imagemagick-svg \ From d0d11cc8189ce562ebe4f9f04a3d480722049108 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:38:22 +0200 Subject: [PATCH 0295/1064] postgres: increase to 17 Signed-off-by: Simon L. --- Containers/postgresql/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index e32cc146..36394b05 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest -# From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile -FROM postgres:16.9-alpine +# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile +FROM postgres:17.5-alpine COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 18663f0b05f85d569ab8a4e6d2f5e472ece49738 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:49:41 +0200 Subject: [PATCH 0296/1064] nextcloud: upgrade to nc31 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 8f8bb553..95af7608 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=30.0.11 +ENV NEXTCLOUD_VERSION=31.0.5 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 2d9152d09a13ec87d6e8f9c4da64b14c5e0617c3 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 13:54:39 +0200 Subject: [PATCH 0297/1064] aio-interface: hide instructions for upgrading to nc31 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index fe83cc61..6a1f67cc 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -33,7 +33,7 @@ {% set isBackupOrRestoreRunning = false %} {% set isApacheStarting = false %} {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #} - {% set newMajorVersion = 31 %} + {% set newMajorVersion = '' %} {% if is_backup_container_running == true %} {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %} From 347aaf618efd5da4a352ebeff755187cadec0b52 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 26 May 2025 12:03:12 +0000 Subject: [PATCH 0298/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 9bc4e45d..0e43416e 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1331,16 +1331,16 @@ }, { "name": "symfony/deprecation-contracts", - "version": "v3.5.1", + "version": "v3.6.0", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6" + "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6", - "reference": "74c71c939a79f7d5bf3c1ce9f5ea37ba0114c6f6", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62", + "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62", "shasum": "" }, "require": { @@ -1353,7 +1353,7 @@ "name": "symfony/contracts" }, "branch-alias": { - "dev-main": "3.5-dev" + "dev-main": "3.6-dev" } }, "autoload": { @@ -1378,7 +1378,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v3.5.1" + "source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0" }, "funding": [ { @@ -1394,7 +1394,7 @@ "type": "tidelift" } ], - "time": "2024-09-25T14:20:29+00:00" + "time": "2024-09-25T14:21:43+00:00" }, { "name": "symfony/polyfill-ctype", @@ -4407,16 +4407,16 @@ }, { "name": "symfony/service-contracts", - "version": "v3.5.1", + "version": "v3.6.0", "source": { "type": "git", "url": "https://github.com/symfony/service-contracts.git", - "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0" + "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/service-contracts/zipball/e53260aabf78fb3d63f8d79d69ece59f80d5eda0", - "reference": "e53260aabf78fb3d63f8d79d69ece59f80d5eda0", + "url": "https://api.github.com/repos/symfony/service-contracts/zipball/f021b05a130d35510bd6b25fe9053c2a8a15d5d4", + "reference": "f021b05a130d35510bd6b25fe9053c2a8a15d5d4", "shasum": "" }, "require": { @@ -4434,7 +4434,7 @@ "name": "symfony/contracts" }, "branch-alias": { - "dev-main": "3.5-dev" + "dev-main": "3.6-dev" } }, "autoload": { @@ -4470,7 +4470,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/service-contracts/tree/v3.5.1" + "source": "https://github.com/symfony/service-contracts/tree/v3.6.0" }, "funding": [ { @@ -4486,7 +4486,7 @@ "type": "tidelift" } ], - "time": "2024-09-25T14:20:29+00:00" + "time": "2025-04-25T09:37:31+00:00" }, { "name": "symfony/string", From 100d37004724e40d2b5e4570215fa650f6b6d8ef Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 26 May 2025 12:46:45 +0000 Subject: [PATCH 0299/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-apache-service.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-clamav-service.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 7 ++++--- .../templates/nextcloud-aio-collabora-service.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-database-service.yaml | 2 +- .../nextcloud-aio-fulltextsearch-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-fulltextsearch-service.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-imaginary-service.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-nextcloud-service.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-notify-push-service.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-onlyoffice-service.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-redis-service.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 6 +++--- .../nextcloud-aio-talk-recording-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-talk-recording-service.yaml | 2 +- .../templates/nextcloud-aio-talk-service.yaml | 4 ++-- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-whiteboard-service.yaml | 2 +- 27 files changed, 60 insertions(+), 59 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 9bc9d986..35941779 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.14.0 +version: 10.15.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index aa1a58ac..8a487d8f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-apache spec: @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-apache:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml index 596014ef..f496a3f8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 7fd39530..19bb3019 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-clamav spec: @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-clamav:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml index 68dead85..67a05650 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index c509942d..176bd140 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-collabora spec: @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-collabora:20250526_095855 readinessProbe: exec: command: @@ -61,4 +61,5 @@ spec: add: - MKNOD - CAP_SYS_ADMIN + - CHOWN={{ .Values.CHOWN }} {{- end }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml index f2e6b3cb..081a8131 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index ac2ea818..b206b590 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-database spec: @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml index 8a022a4d..e0abad63 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 95c7839a..e968f3f7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-fulltextsearch spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml index 57a9f9a7..29dc4871 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 20623b94..c10c6f81 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-imaginary spec: @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml index fd6dafb5..28bc08be 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index dcf038dc..a342ed1d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-nextcloud spec: @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250526_095855 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml index 1b77fb50..6394b6fc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index ba26b28b..06dfdd2c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-notify-push spec: @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml index d15c1bc3..58bc411b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 2b61ab57..4a195c9a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-onlyoffice spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml index 11761892..08ea4965 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 7bae7aab..64bbdbce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-redis spec: @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-redis:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml index c12d28fa..3deae463 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index f9ace872..e4fed0cd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk spec: @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-talk:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 408ae147..29275b61 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk-recording spec: @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml index f2413fb2..9fe10d57 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml index d2da42f7..1b7f1a05 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk-public @@ -28,7 +28,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 17f26c12..600b193e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-whiteboard spec: @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250512_082954 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250526_095855 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml index 8c0df7f2..29232bee 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.35.0 (9532ceef3) + kompose.version: 1.36.0 (ae2a39403) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard From b5ff2376d8f2a81afbcaae6eb0359b09e8a507d8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 15:26:31 +0200 Subject: [PATCH 0300/1064] fix update-helm script Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 90e17af4..7ad3bd32 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup # Additional config # shellcheck disable=SC1083 -sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml +sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml cp sample.conf /tmp/ sed -i 's|^|export |' /tmp/sample.conf # shellcheck disable=SC1091 From e69372e8e4aa5df6c18694e04b629e63b134aa49 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 15:27:31 +0200 Subject: [PATCH 0301/1064] downgrade helm-chart to 10.14.0 Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 35941779..9bc9d986 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.15.0 +version: 10.14.0 apiVersion: v2 keywords: - latest From ae841a66a7f3f65c7f4e7ac5eb0ea2374c2aa27c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 May 2025 15:29:04 +0200 Subject: [PATCH 0302/1064] upgrade helm-chart to v10.15.0 Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 9bc9d986..35941779 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.14.0 +version: 10.15.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 176bd140..cb1a6621 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -61,5 +61,5 @@ spec: add: - MKNOD - CAP_SYS_ADMIN - - CHOWN={{ .Values.CHOWN }} + - CHOWN {{- end }} From 8a4789a903d8b930085d4634108d5f2c91575771 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Tue, 27 May 2025 04:12:55 +0000 Subject: [PATCH 0303/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 95ad3803..3b4342cf 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From de6fde26cd443d636a8fdc76bc9658077fae04be Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 27 May 2025 12:49:37 +0200 Subject: [PATCH 0304/1064] readme: update docs regarding unothorized ACME challenges Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 0c6e9563..3052b303 100644 --- a/readme.md +++ b/readme.md @@ -736,7 +736,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). ### Securing the AIO interface from unauthorized ACME challenges -[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. +[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface on port 8443, is configured to accept traffic on any valid domain in order to make the AIO interface as convenient to use as possible. However due to this, it is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO? Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md) From 68ae9c055a4cd99e319f19dd2ac42e4cbc85134b Mon Sep 17 00:00:00 2001 From: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> Date: Tue, 27 May 2025 16:00:58 +0200 Subject: [PATCH 0305/1064] doc: clarify migration steps Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> --- migration.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/migration.md b/migration.md index e3fc4a56..45a19a1c 100644 --- a/migration.md +++ b/migration.md @@ -58,8 +58,8 @@ The procedure for migrating the files and the database works like this: **Please note:** The exact name of the database export file is important! (`database-dump.sql`)
    And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly). 1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work. -1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!) -1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export: +1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!** +1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export: 1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`. 1. Now, create a copy of the database file so that you can simply restore it if you should make a mistake while editing: `cp database-dump.sql database-dump.sql.backup` 1. Next, open the database export with e.g. nano: `nano database-dump.sql` @@ -81,7 +81,6 @@ The same applies for the second statement, check with `grep " OWNER TO nextcloud 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.) 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on). 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running. -1. As last step, install all apps again that were installed before on your old instance by using the webinterface. Now the whole Nextcloud instance should work again.
    If not, feel free to restore the AIO instance from backup and start at step 8 again. From a72bdf097f3f10fcadffa3b78e9a639e8e28c306 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 28 May 2025 11:08:34 +0200 Subject: [PATCH 0306/1064] clamav: move LocalSocket to `/tmp/clamd.sock` Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index f371ffd5..2b7bd30b 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -11,6 +11,7 @@ RUN set -ex; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ + sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \ freshclam --foreground --stdout COPY --chmod=775 start.sh /start.sh From 73ccf23e9248391e551312f073317764ee06e74f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 04:33:18 +0000 Subject: [PATCH 0307/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.1.7-alpine to 3.2.0-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index a3babe4c..3b19c0af 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.1.7-alpine +FROM haproxy:3.2.0-alpine # hadolint ignore=DL3002 USER root From 87b05728458690d5fbb773dbce29af2f444d75bd Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 29 May 2025 12:03:15 +0000 Subject: [PATCH 0308/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 0e43416e..7e389e82 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3948,16 +3948,16 @@ }, { "name": "symfony/console", - "version": "v6.4.21", + "version": "v6.4.22", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719" + "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/a3011c7b7adb58d89f6c0d822abb641d7a5f9719", - "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719", + "url": "https://api.github.com/repos/symfony/console/zipball/7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3", + "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3", "shasum": "" }, "require": { @@ -4022,7 +4022,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.21" + "source": "https://github.com/symfony/console/tree/v6.4.22" }, "funding": [ { @@ -4038,11 +4038,11 @@ "type": "tidelift" } ], - "time": "2025-04-07T15:42:41+00:00" + "time": "2025-05-07T07:05:04+00:00" }, { "name": "symfony/filesystem", - "version": "v7.2.0", + "version": "v7.3.0", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", @@ -4088,7 +4088,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.2.0" + "source": "https://github.com/symfony/filesystem/tree/v7.3.0" }, "funding": [ { @@ -4490,16 +4490,16 @@ }, { "name": "symfony/string", - "version": "v7.2.6", + "version": "v7.3.0", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931" + "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/a214fe7d62bd4df2a76447c67c6b26e1d5e74931", - "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931", + "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125", + "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125", "shasum": "" }, "require": { @@ -4557,7 +4557,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.2.6" + "source": "https://github.com/symfony/string/tree/v7.3.0" }, "funding": [ { @@ -4573,7 +4573,7 @@ "type": "tidelift" } ], - "time": "2025-04-20T20:18:16+00:00" + "time": "2025-04-20T20:19:01+00:00" }, { "name": "vimeo/psalm", From 1edd280cc850e7912a10c03919b196cac0b35426 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 May 2025 04:39:48 +0000 Subject: [PATCH 0309/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.18.1 to 8.18.2. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.18.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 364dd205..ae7eee63 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.18.1 +FROM elasticsearch:8.18.2 USER root From 945b767e2c93a7fd69fbf05f1448bfb685e9c46a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 May 2025 04:39:56 +0000 Subject: [PATCH 0310/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.1.1-cli to 28.2.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.2.1-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index bb1c2fd6..f241fa91 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.1.1-cli AS docker +FROM docker:28.2.1-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From b6c078847d81fdfc6e2c0cacc4ebc489d56a363a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 May 2025 04:40:25 +0000 Subject: [PATCH 0311/1064] build(deps): bump redis in /Containers/redis Bumps redis from 7.2.8-alpine to 7.2.9-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 7.2.9-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 03399c9a..92f2b17c 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.8-alpine +FROM redis:7.2.9-alpine COPY --chmod=775 start.sh /start.sh From 673b1db07ed3e63ecf8b2a9dd4597d56f952078c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:32:51 +0200 Subject: [PATCH 0312/1064] aio-interface: allow to manage the community containers via the AIO interface (#6443) Signed-off-by: Simon L. Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- Containers/mastercontainer/start.sh | 14 +-- community-containers/readme.md | 9 +- compose.yaml | 1 - php/psalm-baseline.xml | 106 ------------------ php/psalm.xml | 1 + php/public/containers-form-submit.js | 88 +++++++++++++++ php/public/index.php | 4 +- php/public/options-form-submit.js | 60 ---------- php/src/Container/CommunityContainer.php | 12 ++ .../Controller/ConfigurationController.php | 6 +- php/src/Data/ConfigurationManager.php | 72 +++++++++--- php/templates/containers.twig | 4 + .../includes/community-containers.twig | 42 +++++++ .../includes/optional-containers.twig | 5 +- tests/QA/060-environmental-variables.md | 1 - 15 files changed, 220 insertions(+), 205 deletions(-) create mode 100644 php/public/containers-form-submit.js delete mode 100644 php/public/options-form-submit.js create mode 100644 php/src/Container/CommunityContainer.php create mode 100644 php/templates/includes/community-containers.twig diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index e4a1f44f..9158d5b0 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -258,18 +258,8 @@ It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'." fi fi if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then - read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS" - for container in "${AIO_CCONTAINERS[@]}"; do - if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then - print_red "The community container $container was not found!" - FAIL_CCONTAINERS=1 - fi - done - if [ -n "$FAIL_CCONTAINERS" ]; then - print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found. -It is set to '$AIO_COMMUNITY_CONTAINERS'." - exit 1 - fi + print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed. +The community containers get managed via the AIO interface now." fi # Check if ghcr.io is reachable diff --git a/community-containers/readme.md b/community-containers/readme.md index 07ba7602..b08353e1 100644 --- a/community-containers/readme.md +++ b/community-containers/readme.md @@ -5,9 +5,8 @@ This directory features containers that are built for AIO which allows to add ad All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future. ## How to use this? -Before adding any additional container, make sure to create a backup via the AIO interface! - -Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. +Starting with v11 of AIO, the management of Community Containers is done via the web interface. +⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. ## How to add containers? Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json. @@ -16,8 +15,6 @@ Simply submit a PR by creating a new folder in this directory: https://github.co Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above. ## How to remove containers from AIOs stack? -In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this. - -First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. +You can remove containers now via the web interface. After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`). diff --git a/compose.yaml b/compose.yaml index a2836446..93a6b7af 100644 --- a/compose.yaml +++ b/compose.yaml @@ -14,7 +14,6 @@ services: - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section - # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 3b4342cf..8eec4eb9 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,81 +1,17 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -98,9 +34,6 @@ - - - @@ -112,57 +45,18 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/php/psalm.xml b/php/psalm.xml index cf4c9a44..d7ce38c9 100644 --- a/php/psalm.xml +++ b/php/psalm.xml @@ -19,5 +19,6 @@ + diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js new file mode 100644 index 00000000..b7ffd2d8 --- /dev/null +++ b/php/public/containers-form-submit.js @@ -0,0 +1,88 @@ +document.addEventListener("DOMContentLoaded", function () { + // Hide submit button initially + const optionsFormSubmit = document.getElementById("options-form-submit"); + optionsFormSubmit.style.display = 'none'; + + const communityFormSubmit = document.getElementById("community-form-submit"); + communityFormSubmit.style.display = 'none'; + + // Store initial states for all checkboxes + const initialStateOptionsContainers = {}; + const initialStateCommunityContainers = {}; + const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']"); + const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']"); + + optionsContainersCheckboxes.forEach(checkbox => { + initialStateOptionsContainers[checkbox.id] = checkbox.checked; // Use checked property to capture actual initial state + }); + + communityContainersCheckboxes.forEach(checkbox => { + initialStateCommunityContainers[checkbox.id] = checkbox.checked; // Use checked property to capture actual initial state + }); + + // Function to compare current states to initial states + function checkForOptionContainerChanges() { + let hasChanges = false; + + optionsContainersCheckboxes.forEach(checkbox => { + if (checkbox.checked !== initialStateOptionsContainers[checkbox.id]) { + hasChanges = true; + } + }); + + // Show or hide submit button based on changes + optionsFormSubmit.style.display = hasChanges ? 'block' : 'none'; + } + + // Function to compare current states to initial states + function checkForCommunityContainerChanges() { + let hasChanges = false; + + communityContainersCheckboxes.forEach(checkbox => { + if (checkbox.checked !== initialStateCommunityContainers[checkbox.id]) { + hasChanges = true; + } + }); + + // Show or hide submit button based on changes + communityFormSubmit.style.display = hasChanges ? 'block' : 'none'; + } + + // Event listener to trigger visibility check on each change + optionsContainersCheckboxes.forEach(checkbox => { + checkbox.addEventListener("change", checkForOptionContainerChanges); + }); + + communityContainersCheckboxes.forEach(checkbox => { + checkbox.addEventListener("change", checkForCommunityContainerChanges); + }); + + // Custom behaviors for specific options + function handleTalkVisibility() { + const talkRecording = document.getElementById("talk-recording"); + if (document.getElementById("talk").checked) { + talkRecording.disabled = false; + } else { + talkRecording.checked = false; + talkRecording.disabled = true; + } + checkForOptionContainerChanges(); // Check changes after toggling Talk Recording + } + + function handleDockerSocketProxyWarning() { + if (document.getElementById("docker-socket-proxy").checked) { + alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!'); + } + } + + // Initialize event listeners for specific behaviors + document.getElementById("talk").addEventListener('change', handleTalkVisibility); + document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning); + + // Initialize talk-recording visibility on page load + handleTalkVisibility(); // Ensure talk-recording is correctly initialized + + // Initial call to check for changes + checkForOptionContainerChanges(); + checkForCommunityContainerChanges(); +}); diff --git a/php/public/index.php b/php/public/index.php index a3ee8f7d..60440805 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -128,7 +128,9 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(), 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(), - 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(), + 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(), + 'community_containers' => $configurationManager->listAvailableCommunityContainers(), + 'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(), ]); })->setName('profile'); $app->get('/login', function (Request $request, Response $response, array $args) use ($container) { diff --git a/php/public/options-form-submit.js b/php/public/options-form-submit.js deleted file mode 100644 index 35f6e878..00000000 --- a/php/public/options-form-submit.js +++ /dev/null @@ -1,60 +0,0 @@ -document.addEventListener("DOMContentLoaded", function () { - // Hide submit button initially - const optionsFormSubmit = document.getElementById("options-form-submit"); - optionsFormSubmit.style.display = 'none'; - - // Store initial states for all checkboxes - const initialState = {}; - const checkboxes = document.querySelectorAll("#options-form input[type='checkbox']"); - - checkboxes.forEach(checkbox => { - initialState[checkbox.id] = checkbox.checked; // Use checked property to capture actual initial state - }); - - // Function to compare current states to initial states - function checkForChanges() { - let hasChanges = false; - - checkboxes.forEach(checkbox => { - if (checkbox.checked !== initialState[checkbox.id]) { - hasChanges = true; - } - }); - - // Show or hide submit button based on changes - optionsFormSubmit.style.display = hasChanges ? 'block' : 'none'; - } - - // Event listener to trigger visibility check on each change - checkboxes.forEach(checkbox => { - checkbox.addEventListener("change", checkForChanges); - }); - - // Custom behaviors for specific options - function handleTalkVisibility() { - const talkRecording = document.getElementById("talk-recording"); - if (document.getElementById("talk").checked) { - talkRecording.disabled = false; - } else { - talkRecording.checked = false; - talkRecording.disabled = true; - } - checkForChanges(); // Check changes after toggling Talk Recording - } - - function handleDockerSocketProxyWarning() { - if (document.getElementById("docker-socket-proxy").checked) { - alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!'); - } - } - - // Initialize event listeners for specific behaviors - document.getElementById("talk").addEventListener('change', handleTalkVisibility); - document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning); - - // Initialize talk-recording visibility on page load - handleTalkVisibility(); // Ensure talk-recording is correctly initialized - - // Initial call to check for changes - checkForChanges(); -}); diff --git a/php/src/Container/CommunityContainer.php b/php/src/Container/CommunityContainer.php new file mode 100644 index 00000000..8f7c2ffd --- /dev/null +++ b/php/src/Container/CommunityContainer.php @@ -0,0 +1,12 @@ +getParsedBody()['domain'])) { $domain = $request->getParsedBody()['domain'] ?? ''; @@ -125,6 +125,10 @@ readonly class ConfigurationController { } } + if (isset($request->getParsedBody()['community-form'])) { + $this->configurationManager->SetEnabledCommunityContainers($request->getParsedBody()['enabled-community'] ?? []); + } + if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) { $this->configurationManager->DeleteCollaboraDictionaries(); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e2291a76..05c639f1 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -3,6 +3,7 @@ namespace AIO\Data; use AIO\Auth\PasswordGenerator; +use AIO\Container\CommunityContainer; use AIO\Controller\DockerController; class ConfigurationManager @@ -75,7 +76,7 @@ class ConfigurationManager if (!file_exists(DataConst::GetBackupArchivesList())) { return ''; } - + $content = file_get_contents(DataConst::GetBackupArchivesList()); if ($content === '') { return ''; @@ -95,7 +96,7 @@ class ConfigurationManager if ($lastBackupTime === "") { return ''; } - + return $lastBackupTime; } @@ -103,7 +104,7 @@ class ConfigurationManager if (!file_exists(DataConst::GetBackupArchivesList())) { return []; } - + $content = file_get_contents(DataConst::GetBackupArchivesList()); if ($content === '') { return []; @@ -114,7 +115,7 @@ class ConfigurationManager foreach($backupLines as $lines) { if ($lines !== "") { $backupTimesTemp = explode(',', $lines); - $backupTimes[] = $backupTimesTemp[1]; + $backupTimes[] = $backupTimesTemp[1]; } } @@ -140,7 +141,7 @@ class ConfigurationManager } } - public function isClamavEnabled() : bool { + public function isClamavEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) { return true; @@ -375,7 +376,7 @@ class ConfigurationManager $testUrl = $protocol . $domain . ':443'; curl_setopt($ch, CURLOPT_URL, $testUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 10); $response = (string)curl_exec($ch); # Get rid of trailing \n @@ -474,7 +475,7 @@ class ConfigurationManager } elseif ($location !== '' && $repo !== '') { throw new InvalidSettingConfigurationException("Location and remote repo url are mutually exclusive!"); } - + if ($location !== '') { $isValidPath = false; if (str_starts_with($location, '/') && !str_ends_with($location, '/')) { @@ -629,7 +630,7 @@ class ConfigurationManager if (!file_exists(DataConst::GetBackupPublicKey())) { return ""; } - + return trim(file_get_contents(DataConst::GetBackupPublicKey())); } @@ -771,7 +772,7 @@ class ConfigurationManager if (!preg_match("#^[0-1][0-9]:[0-5][0-9]$#", $time) && !preg_match("#^2[0-3]:[0-5][0-9]$#", $time)) { throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!"); } - + if ($enableAutomaticUpdates === false) { $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled'; } else { @@ -1008,16 +1009,59 @@ class ConfigurationManager } private function GetCommunityContainers() : string { - $envVariableName = 'AIO_COMMUNITY_CONTAINERS'; - $configName = 'aio_community_containers'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + $config = $this->GetConfig(); + if(!isset($config['aio_community_containers'])) { + $config['aio_community_containers'] = ''; + } + + return $config['aio_community_containers']; } - public function GetEnabledCommunityContainers() : array { + + /** @return list */ + public function listAvailableCommunityContainers() : array { + $cc = []; + $dir = scandir(DataConst::GetCommunityContainersDirectory()); + if ($dir === false) { + return $cc; + } + foreach ($dir as $id) { + $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json'; + $fileContents = apcu_fetch($filePath); + if (!is_string($fileContents)) { + $fileContents = file_get_contents($filePath); + if (is_string($fileContents)) { + apcu_add($filePath, $fileContents); + } + } + $json = is_string($fileContents) ? json_decode($fileContents) : false; + if(is_array($json) && is_array($json['aio_services_v1'])) { + foreach ($json['aio_services_v1'] as $service) { + $documentation = is_string($service['documentation']) ? $service['documentation'] : ''; + if (is_string($service['display_name'])) { + $cc[] = new CommunityContainer( + $id, + $service['display_name'], + $documentation); + } + break; + } + } + } + return $cc; + } + + /** @return list */ + public function GetEnabledCommunityContainers(): array { return explode(' ', $this->GetCommunityContainers()); } + public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void { + $config = $this->GetConfig(); + $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers); + $this->WriteConfig($config); + } + private function GetEnabledDriDevice() : string { $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE'; $configName = 'nextcloud_enable_dri_device'; diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 6a1f67cc..81415626 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -606,6 +606,10 @@ {% endif %} {% endif %} + {{ include('includes/community-containers.twig') }} + + + {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %} {% else %} diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig new file mode 100644 index 00000000..44b1e3bf --- /dev/null +++ b/php/templates/includes/community-containers.twig @@ -0,0 +1,42 @@ +

    Community Containers

    +

    In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.

    +

    ⚠️ Caution: Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!

    +
    + Show/Hide available Community Containers + {% if isAnyRunning == true %} +

    Please note: You can enable or disable the options below only when your containers are stopped.

    + {% else %} +

    Please note: Make sure to save your changes by clicking Save changes below the list of Community Containers. The changes will not be auto-saved.

    + {% endif %} + + + + + {% for cc in community_containers %} +

    + + +

    + {% endfor %} + + + +
    diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 53315b1c..1abcfefc 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -1,11 +1,11 @@

    Optional containers

    -

    In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See this documentation how to add them.

    +

    In this section you can enable or disable optional containers.

    {% if isAnyRunning == true %}

    Please note: You can enable or disable the options below only when your containers are stopped.

    {% else %}

    Please note: Make sure to save your changes by clicking Save changes below the list of optional containers. The changes will not be auto-saved.

    {% endif %} -
    + @@ -143,7 +143,6 @@

    -

    Minimal system requirements: When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see this documentation

    {% if isAnyRunning == true %} diff --git a/tests/QA/060-environmental-variables.md b/tests/QA/060-environmental-variables.md index b2fadceb..818ecf7c 100644 --- a/tests/QA/060-environmental-variables.md +++ b/tests/QA/060-environmental-variables.md @@ -24,6 +24,5 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host) - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host) - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore. -- [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc. You can now continue with [070-timezone-change.md](./070-timezone-change.md) From bbd6812977d5fc3be685f8775fa9fd608add91aa Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:38:18 +0200 Subject: [PATCH 0313/1064] increase to 11.0.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 81415626..055b12ae 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v10.15.0

    +

    Nextcloud AIO v11.0.0

    {# Add 2nd tab warning #} From 1cced86de6f2ee2bbead67b74f60900890a3734c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:43:20 +0200 Subject: [PATCH 0314/1064] fix collabora Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 0f0bc4b3..9cdb48b6 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -9,6 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive RUN set -ex; \ \ apt-get update; \ + apt --fix-broken install; \ apt-get install -y --no-install-recommends \ netcat-openbsd \ ; \ From f2f674d9499fefd05b4f803763c633f052c9ee29 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:45:15 +0200 Subject: [PATCH 0315/1064] fix detail Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 9cdb48b6..8c1f11ed 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -9,7 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive RUN set -ex; \ \ apt-get update; \ - apt --fix-broken install; \ + apt-get --fix-broken install; \ apt-get install -y --no-install-recommends \ netcat-openbsd \ ; \ From cdd5a950621be9dd08db0036a9a6e68f3b602945 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:48:16 +0200 Subject: [PATCH 0316/1064] another attempt Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 8c1f11ed..f88c4f8d 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -9,8 +9,7 @@ ARG DEBIAN_FRONTEND=noninteractive RUN set -ex; \ \ apt-get update; \ - apt-get --fix-broken install; \ - apt-get install -y --no-install-recommends \ + apt-get install --fix-broken -y --no-install-recommends \ netcat-openbsd \ ; \ rm -rf /var/lib/apt/lists/*; From 7442072a5d9648d40446cb1d64aa138329880ae4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:53:19 +0200 Subject: [PATCH 0317/1064] nextcloud: adjust permissions Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 95af7608..88a88c0a 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -212,8 +212,8 @@ RUN set -ex; \ /var/log/supervisord \ /var/run/supervisord \ ; \ - chown www-data:root -R /var/log/supervisord; \ - chown www-data:root -R /var/run/supervisord; \ + chmod 777 -R /var/log/supervisord; \ + chmod 777 -R /var/run/supervisord; \ \ apk add --no-cache \ bash \ @@ -254,14 +254,13 @@ RUN set -ex; \ # AIO cloning end # Do not remove or change this line! \ chown www-data:root -R /usr/src && \ - chown www-data:root -R /usr/local/etc/php/conf.d && \ - chown www-data:root -R /usr/local/etc/php-fpm.d && \ + chmod 777 -R /usr/local/etc/php/conf.d && \ + chmod 777 -R /usr/local/etc/php-fpm.d && \ chmod -R 777 /tmp; \ rm -rf /usr/src/nextcloud/apps/updatenotification; \ \ mkdir -p /nc-updater; \ - chown -R www-data:www-data /nc-updater; \ - chmod -R 770 /nc-updater + chmod -R 777 /nc-updater # hadolint ignore=DL3002 USER root From d6c35782f5698ee203407441f213cf303fb52e11 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 09:56:28 +0200 Subject: [PATCH 0318/1064] another collabora attempt Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index f88c4f8d..52e3deae 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -9,7 +9,8 @@ ARG DEBIAN_FRONTEND=noninteractive RUN set -ex; \ \ apt-get update; \ - apt-get install --fix-broken -y --no-install-recommends \ + apt-get --fix-broken install -y --no-install-recommends; \ + apt-get install -y --no-install-recommends \ netcat-openbsd \ ; \ rm -rf /var/lib/apt/lists/*; From 1d3692a6db2ed562fd018eaed6550cc80b284c2c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 10:02:46 +0200 Subject: [PATCH 0319/1064] collabora: move healthcheck to use curl in order to fix the Dockerfile Signed-off-by: Simon L. --- Containers/collabora/Dockerfile | 10 ---------- Containers/collabora/healthcheck.sh | 2 +- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 52e3deae..314492c2 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -5,16 +5,6 @@ FROM collabora/code:25.04.2.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive -# hadolint ignore=DL3008 -RUN set -ex; \ - \ - apt-get update; \ - apt-get --fix-broken install -y --no-install-recommends; \ - apt-get install -y --no-install-recommends \ - netcat-openbsd \ - ; \ - rm -rf /var/lib/apt/lists/*; - COPY --chmod=775 healthcheck.sh /healthcheck.sh USER 1001 diff --git a/Containers/collabora/healthcheck.sh b/Containers/collabora/healthcheck.sh index 67cecdc3..9081ef5c 100644 --- a/Containers/collabora/healthcheck.sh +++ b/Containers/collabora/healthcheck.sh @@ -1,3 +1,3 @@ #!/bin/bash -nc -z 127.0.0.1 9980 || exit 1 +curl http://127.0.0.1:9980 || exit 1 From 21b9c19c5dbf9c7c112b54d293939104ada2b93b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 10:24:24 +0200 Subject: [PATCH 0320/1064] scandir: get rid of dots Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 05c639f1..9ab92394 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -1025,6 +1025,8 @@ class ConfigurationManager if ($dir === false) { return $cc; } + // Get rid of dots from the scandir command + $dir = array_diff($dir, array('..', '.')); foreach ($dir as $id) { $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json'; $fileContents = apcu_fetch($filePath); From ae5adc989fa4365be2ffa1796dfd142b1814652c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 10:37:52 +0200 Subject: [PATCH 0321/1064] the cc-section needs to be included in another place Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 055b12ae..810117bf 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -602,11 +602,11 @@ {% endif %} {% endif %} + {{ include('includes/community-containers.twig') }} {% endif %} {% endif %} {% endif %} - {{ include('includes/community-containers.twig') }} From 635381a4c853f463200d6673571c9e5aae2f14f8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 10:47:55 +0200 Subject: [PATCH 0322/1064] fix another detail in scandir Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 9ab92394..dd2a95cd 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -1026,7 +1026,7 @@ class ConfigurationManager return $cc; } // Get rid of dots from the scandir command - $dir = array_diff($dir, array('..', '.')); + $dir = array_diff($dir, array('..', '.', 'readme.md')); foreach ($dir as $id) { $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json'; $fileContents = apcu_fetch($filePath); From 3f520b2f3c713b9e8db52fbb5063d6fa6b03ddea Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 10:58:45 +0200 Subject: [PATCH 0323/1064] move note about how to handle the ccs Signed-off-by: Simon L. --- php/templates/includes/community-containers.twig | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig index 44b1e3bf..dd67027c 100644 --- a/php/templates/includes/community-containers.twig +++ b/php/templates/includes/community-containers.twig @@ -1,13 +1,13 @@

    Community Containers

    In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.

    ⚠️ Caution: Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!

    +{% if isAnyRunning == true %} +

    Please note: You can enable or disable the options below only when your containers are stopped.

    +{% else %} +

    Please note: Make sure to save your changes by clicking Save changes below the list of Community Containers. The changes will not be auto-saved.

    +{% endif %}
    Show/Hide available Community Containers - {% if isAnyRunning == true %} -

    Please note: You can enable or disable the options below only when your containers are stopped.

    - {% else %} -

    Please note: Make sure to save your changes by clicking Save changes below the list of Community Containers. The changes will not be auto-saved.

    - {% endif %}
    From ff7d0e4a01e26a5e7c17c94bac2005e1a7482ce2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 11:13:05 +0200 Subject: [PATCH 0324/1064] adjust cc-docs Signed-off-by: Simon L. --- community-containers/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/readme.md b/community-containers/readme.md index b08353e1..84283d38 100644 --- a/community-containers/readme.md +++ b/community-containers/readme.md @@ -5,7 +5,7 @@ This directory features containers that are built for AIO which allows to add ad All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future. ## How to use this? -Starting with v11 of AIO, the management of Community Containers is done via the web interface. +Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down). ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it. ## How to add containers? From 22848e76ec3497ecc4be7825121f2f5a365cf6f9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 11:18:38 +0200 Subject: [PATCH 0325/1064] Revert "nextcloud: add pandoc to container" --- Containers/nextcloud/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 88a88c0a..e6f7c923 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -227,7 +227,6 @@ RUN set -ex; \ grep \ nodejs \ libreoffice \ - pandoc-cli \ bind-tools \ imagemagick \ imagemagick-svg \ From f678b09523b6199a8102df881bc6824c94008970 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 11:24:07 +0200 Subject: [PATCH 0326/1064] fix collabora healthcheck Signed-off-by: Simon L. --- Containers/collabora/healthcheck.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Containers/collabora/healthcheck.sh b/Containers/collabora/healthcheck.sh index 9081ef5c..45e9278b 100644 --- a/Containers/collabora/healthcheck.sh +++ b/Containers/collabora/healthcheck.sh @@ -1,3 +1,7 @@ #!/bin/bash -curl http://127.0.0.1:9980 || exit 1 +# Unfortunately, no curl and no nc is installed in the container +# and packages can also not be added as the package list is broken. +# So always exiting 0 for now. +# nc http://127.0.0.1:9980 || exit 1 +exit 0 From 0fe4ea3238f1d4475992014bf730d8d630eebfdb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 11:40:59 +0200 Subject: [PATCH 0327/1064] fix detail in optional containers Signed-off-by: Simon L. --- php/templates/includes/optional-containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 1abcfefc..5f5b2d97 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -5,7 +5,7 @@ {% else %}

    Please note: Make sure to save your changes by clicking Save changes below the list of optional containers. The changes will not be auto-saved.

    {% endif %} - + From 328900b8c2fab301df228a9f950922d2d4b6ac79 Mon Sep 17 00:00:00 2001 From: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> Date: Fri, 30 May 2025 12:17:03 +0200 Subject: [PATCH 0328/1064] doc: clarification of app migration Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> --- migration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration.md b/migration.md index 45a19a1c..5e9b8b25 100644 --- a/migration.md +++ b/migration.md @@ -57,7 +57,7 @@ The procedure for migrating the files and the database works like this: ``` **Please note:** The exact name of the database export file is important! (`database-dump.sql`)
    And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly). -1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work. +1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. On the AIO interface, use the passphrase to connect to your newly created Nextcloud instance's admin account. There, install all the Nextcloud apps that were installed on the old Nextcloud installation. If you don't, the migration will show them as installed, but they won't work. 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!** 1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export: 1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`. From 8a6772bc05619480fac49170b80fc2405ac92858 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 May 2025 12:48:15 +0200 Subject: [PATCH 0329/1064] fix showing community containers in the AIO interface and enabling or disabling them Signed-off-by: Simon L. --- php/src/Container/CommunityContainer.php | 12 ------------ php/src/Controller/ConfigurationController.php | 12 +++++++++++- php/src/Data/ConfigurationManager.php | 13 ++++++------- php/templates/includes/community-containers.twig | 2 +- 4 files changed, 18 insertions(+), 21 deletions(-) delete mode 100644 php/src/Container/CommunityContainer.php diff --git a/php/src/Container/CommunityContainer.php b/php/src/Container/CommunityContainer.php deleted file mode 100644 index 8f7c2ffd..00000000 --- a/php/src/Container/CommunityContainer.php +++ /dev/null @@ -1,12 +0,0 @@ -getParsedBody()['community-form'])) { - $this->configurationManager->SetEnabledCommunityContainers($request->getParsedBody()['enabled-community'] ?? []); + $cc = $this->configurationManager->listAvailableCommunityContainers(); + $enabledCC = []; + /** + * @psalm-suppress PossiblyNullIterator + */ + foreach ($request->getParsedBody() as $item) { + if (array_key_exists($item , $cc)) { + $enabledCC[] = $item; + } + } + $this->configurationManager->SetEnabledCommunityContainers($enabledCC); } if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index dd2a95cd..d4af26b1 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -3,7 +3,6 @@ namespace AIO\Data; use AIO\Auth\PasswordGenerator; -use AIO\Container\CommunityContainer; use AIO\Controller\DockerController; class ConfigurationManager @@ -1018,7 +1017,6 @@ class ConfigurationManager } - /** @return list */ public function listAvailableCommunityContainers() : array { $cc = []; $dir = scandir(DataConst::GetCommunityContainersDirectory()); @@ -1036,15 +1034,16 @@ class ConfigurationManager apcu_add($filePath, $fileContents); } } - $json = is_string($fileContents) ? json_decode($fileContents) : false; + $json = is_string($fileContents) ? json_decode($fileContents, true) : false; if(is_array($json) && is_array($json['aio_services_v1'])) { foreach ($json['aio_services_v1'] as $service) { $documentation = is_string($service['documentation']) ? $service['documentation'] : ''; if (is_string($service['display_name'])) { - $cc[] = new CommunityContainer( - $id, - $service['display_name'], - $documentation); + $cc[$id] = [ + 'id' => $id, + 'name' => $service['display_name'], + 'documentation' => $documentation + ]; } break; } diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig index dd67027c..f74e3756 100644 --- a/php/templates/includes/community-containers.twig +++ b/php/templates/includes/community-containers.twig @@ -16,7 +16,7 @@

    Date: Mon, 2 Jun 2025 04:06:37 +0800 Subject: [PATCH 0330/1064] change the url used in appstore check from $APPSTORE_URL to $APPSTORE_URL/apps.json --- Containers/nextcloud/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 23450c07..7b3dec5a 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -150,7 +150,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')" set +x fi - CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)" + CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)" if [[ "$CURL_STATUS" = "200" ]] then echo "Appstore is reachable" From ae0d0aece33acc37b15c414f7cc0836c2d441fee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 05:17:08 +0000 Subject: [PATCH 0331/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.2.1.1 to 25.04.2.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.2.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 314492c2..95d8b68f 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.2.1.1 +FROM collabora/code:25.04.2.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From f71b4a96ce24a8347bc900efea66e2d78fce3d18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 05:20:10 +0000 Subject: [PATCH 0332/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.2.1-cli to 28.2.2-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.2.2-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f241fa91..3fa3128e 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.2.1-cli AS docker +FROM docker:28.2.2-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From f71506a1c9166092161d7d1185b8520928aba69f Mon Sep 17 00:00:00 2001 From: Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com> Date: Mon, 2 Jun 2025 15:55:13 +0800 Subject: [PATCH 0333/1064] Update Containers/nextcloud/entrypoint.sh Add comment for the apps.json Co-authored-by: Simon L. Signed-off-by: Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com> --- Containers/nextcloud/entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 7b3dec5a..e3377995 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -150,6 +150,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')" set +x fi + # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)" if [[ "$CURL_STATUS" = "200" ]] then From c2ffe0cb4ac6827025babfc5cd296789b4f37232 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 3 Jun 2025 12:03:22 +0000 Subject: [PATCH 0334/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 119 +++++++++------------------------------------- 1 file changed, 23 insertions(+), 96 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 7e389e82..699d5dbb 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -557,16 +557,16 @@ }, { "name": "php-di/php-di", - "version": "7.0.10", + "version": "7.0.11", "source": { "type": "git", "url": "https://github.com/PHP-DI/PHP-DI.git", - "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2" + "reference": "32f111a6d214564520a57831d397263e8946c1d2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/0d1ed64126577e9a095b3204dcaee58cf76432c2", - "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2", + "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2", + "reference": "32f111a6d214564520a57831d397263e8946c1d2", "shasum": "" }, "require": { @@ -614,7 +614,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/PHP-DI/issues", - "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.10" + "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11" }, "funding": [ { @@ -626,7 +626,7 @@ "type": "tidelift" } ], - "time": "2025-04-22T08:53:15+00:00" + "time": "2025-06-03T07:45:57+00:00" }, { "name": "php-di/slim-bridge", @@ -2521,79 +2521,6 @@ ], "time": "2024-08-03T19:31:26+00:00" }, - { - "name": "composer/package-versions-deprecated", - "version": "1.11.99.5", - "source": { - "type": "git", - "url": "https://github.com/composer/package-versions-deprecated.git", - "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/b4f54f74ef3453349c24a845d22392cd31e65f1d", - "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d", - "shasum": "" - }, - "require": { - "composer-plugin-api": "^1.1.0 || ^2.0", - "php": "^7 || ^8" - }, - "replace": { - "ocramius/package-versions": "1.11.99" - }, - "require-dev": { - "composer/composer": "^1.9.3 || ^2.0@dev", - "ext-zip": "^1.13", - "phpunit/phpunit": "^6.5 || ^7" - }, - "type": "composer-plugin", - "extra": { - "class": "PackageVersions\\Installer", - "branch-alias": { - "dev-master": "1.x-dev" - } - }, - "autoload": { - "psr-4": { - "PackageVersions\\": "src/PackageVersions" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Marco Pivetta", - "email": "ocramius@gmail.com" - }, - { - "name": "Jordi Boggiano", - "email": "j.boggiano@seld.be" - } - ], - "description": "Composer plugin that provides efficient querying for installed package versions (no runtime IO)", - "support": { - "issues": "https://github.com/composer/package-versions-deprecated/issues", - "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.5" - }, - "funding": [ - { - "url": "https://packagist.com", - "type": "custom" - }, - { - "url": "https://github.com/composer", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/composer/composer", - "type": "tidelift" - } - ], - "time": "2022-01-17T14:14:24+00:00" - }, { "name": "composer/pcre", "version": "3.3.2", @@ -3403,16 +3330,16 @@ }, { "name": "nikic/php-parser", - "version": "v5.4.0", + "version": "v5.5.0", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "447a020a1f875a434d62f2a401f53b82a396e494" + "reference": "ae59794362fe85e051a58ad36b289443f57be7a9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/447a020a1f875a434d62f2a401f53b82a396e494", - "reference": "447a020a1f875a434d62f2a401f53b82a396e494", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9", + "reference": "ae59794362fe85e051a58ad36b289443f57be7a9", "shasum": "" }, "require": { @@ -3455,9 +3382,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v5.4.0" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0" }, - "time": "2024-12-30T11:07:19+00:00" + "time": "2025-05-31T08:24:38+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -3894,16 +3821,16 @@ "source": { "type": "git", "url": "https://github.com/sserbin/twig-linter.git", - "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914" + "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/c4cb0d08c8290d8fed541eb027bd85dba90a5914", - "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914", + "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/932c7f1dcc79cd54aa011804d42aa7bbb14a970f", + "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f", "shasum": "" }, "require": { - "composer/package-versions-deprecated": "1.11.99.5", + "composer-runtime-api": "^2.0", "php": "^7.4|^8.0", "symfony/console": "^5.4 || ^6.1", "symfony/finder": "^5.4 || ^6.1", @@ -3942,9 +3869,9 @@ ], "support": { "issues": "https://github.com/sserbin/twig-linter/issues", - "source": "https://github.com/sserbin/twig-linter/tree/3.1.1" + "source": "https://github.com/sserbin/twig-linter/tree/3.1.2" }, - "time": "2024-09-09T16:51:23+00:00" + "time": "2025-06-03T06:31:48+00:00" }, { "name": "symfony/console", @@ -4577,16 +4504,16 @@ }, { "name": "vimeo/psalm", - "version": "6.11.0", + "version": "6.12.0", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0" + "reference": "cf420941d061a57050b6c468ef2c778faf40aee2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0", - "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2", + "reference": "cf420941d061a57050b6c468ef2c778faf40aee2", "shasum": "" }, "require": { @@ -4691,7 +4618,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-05-12T11:30:26+00:00" + "time": "2025-05-28T12:52:06+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From e4d11d1295324c891194c9df44e5be236fb5ff43 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 3 Jun 2025 16:42:08 +0200 Subject: [PATCH 0335/1064] aio-interface: add bottom padding to the main container Signed-off-by: Simon L. --- php/public/style.css | 1 + php/templates/layout.twig | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/php/public/style.css b/php/public/style.css index fa79efd9..fbe15df5 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -336,6 +336,7 @@ html[data-theme="dark"] ::-webkit-scrollbar-track { box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); max-height: calc(100dvh - var(--container-height-calculation-difference)); overflow: hidden; + padding-bottom: var(--main-padding); } main { diff --git a/php/templates/layout.twig b/php/templates/layout.twig index 97b46edd..6ed264c2 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -1,7 +1,7 @@ AIO - + From b30ef900e1305248815c795d2068ad3cd4bfef03 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 3 Jun 2025 23:57:38 +0200 Subject: [PATCH 0336/1064] aio-interface: disable talk-recording correctly Signed-off-by: Simon L. Revert "aio-interface: disable talk-recording correctly" This reverts commit e9711aae78db91359aa6d6bfaf87f60a4453287c. Update containers.twig --- php/templates/containers.twig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 810117bf..ac59f7c0 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -25,6 +25,9 @@ {# timezone-prefill #} + {# js for optional containers and additional containers forms #} + + {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %} {% set isAnyRunning = false %} {% set isAnyRestarting = false %} @@ -607,9 +610,6 @@ {% endif %} {% endif %} - - - {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %} {% else %} From 1ab64d158d630f8bc839e599656696666a148d2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Jun 2025 05:11:31 +0000 Subject: [PATCH 0337/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.3-alpine3.21 to 3.13.4-alpine3.21. --- updated-dependencies: - dependency-name: python dependency-version: 3.13.4-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index ab4100a9..cd60844b 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.3-alpine3.21 +FROM python:3.13.4-alpine3.21 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From fe561976e9b70034bd445badeb95202e46a0f711 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jun 2025 04:20:47 +0000 Subject: [PATCH 0338/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.3-alpine3.21 to 1.24.4-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.4-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 9e6ce5b7..08cabd2c 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.3-alpine3.21 AS go +FROM golang:1.24.4-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From fd0c347c16d9f2ed5b5daebe3c5006088896575a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jun 2025 04:21:45 +0000 Subject: [PATCH 0339/1064] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.24.3-alpine3.21 to 1.24.4-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.4-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 6daf4f10..16331f70 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.3-alpine3.21 AS go +FROM golang:1.24.4-alpine3.21 AS go RUN set -ex; \ apk upgrade --no-cache -a; \ From 233d31750c58b3ee7ead81d1e62aa6625fac3a27 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 05:15:48 +0000 Subject: [PATCH 0340/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.21-fpm-alpine3.21 to 8.3.22-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.22-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index e6f7c923..2ceabd7a 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.21-fpm-alpine3.21 +FROM php:8.3.22-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 38b7732d5cff3c8926eac3383c4263cad14c9219 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 05:20:02 +0000 Subject: [PATCH 0341/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.7-fpm-alpine3.21 to 8.4.8-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.8-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f241fa91..b18f8838 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.2.1-cli AS docker FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile -FROM php:8.4.7-fpm-alpine3.21 +FROM php:8.4.8-fpm-alpine3.21 EXPOSE 80 EXPOSE 8080 From 46a012140ca73463fc821002072e871544b8c1b8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 10 Jun 2025 14:03:43 +0200 Subject: [PATCH 0342/1064] ipv6-docs: mention that `"com.docker.network.enable_ipv6":"true"` enabled ipv6 by default for all new docker networks Signed-off-by: Simon L. --- docker-ipv6-support.md | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md index 3a3dbb33..5e61ba56 100644 --- a/docker-ipv6-support.md +++ b/docker-ipv6-support.md @@ -4,19 +4,23 @@ First of all upgrade your docker installation to v27.0.1 or higher. 1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json: - ```json - { - "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}} - } - ``` +> [!WARNING] +> This will enable ipv6 for all new docker networks by default! - Save the file. +```json +{ + "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}} +} +``` + +And save the file. 2. Reload the Docker configuration file. - ```console - sudo systemctl restart docker - ``` +```console +sudo systemctl restart docker +``` + 3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it. ## Docker Desktop (Windows and macOS) @@ -25,9 +29,12 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set 1. You need to now adjust this json file: - ``` - "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}} - ``` +> [!WARNING] +> This will enable ipv6 for all new docker networks by default! + +```json +"default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}} +``` 2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`. 3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/4989 in order to recreate the network and enable ipv6 for it. From bd43dbe63c613c1786ac0440937ae80c1f925651 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 10 Jun 2025 12:13:48 +0000 Subject: [PATCH 0343/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 35941779..56f25de4 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 10.15.0 +version: 11.0.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 8a487d8f..739e5931 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-apache:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 19bb3019..a92827c1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-clamav:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index cb1a6621..5b75622e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-collabora:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index b206b590..a6c58b18 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index e968f3f7..d9579a4c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index c10c6f81..db4abddf 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index a342ed1d..10920dee 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250610_074316 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 06dfdd2c..e99a3d60 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 4a195c9a..c9ca83d4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 64bbdbce..9b6d9fb6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-redis:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index e4fed0cd..c8083702 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-talk:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 29275b61..c1142a8c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250610_074316 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 600b193e..5b3e9f81 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250526_095855 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250610_074316 readinessProbe: exec: command: From 533862a60721bcbdcae7877449e8649522bcd587 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Jun 2025 12:16:31 +0000 Subject: [PATCH 0344/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.3.2 to 2.4.0. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/f9f8ef3f634144b126a09ea5b3bfe51ddebc700f...807f6009e7cee5c2c9faa41ccef03a8bb24b06ab) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 13a69609..50b161ea 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Turnstyle - uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2 + uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2 with: continue-after-seconds: 180 env: From d6a27a9542e7047b5753e316ad15b0bb2e190bab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Jun 2025 12:16:36 +0000 Subject: [PATCH 0345/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.33.0 to 2.34.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/cf4cade2721270509d5b1c766ab3549210a39a2a...27853eb8b46dc01c33bf9fef67d98df2683c3be2) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.34.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index f6e1c99f..83d53c91 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 6a26c59d..038eea7c 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index c890a112..a45d82ec 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index c18740c2..22b05be2 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index fb357a06..4db9b09f 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 1af3a3cb..f166adab 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2 + uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 with: php-version: 8.4 extensions: apcu From 5bbfbed128b6805142e23fcf8adc93b1e5cd999e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 10 Jun 2025 10:12:34 +0200 Subject: [PATCH 0346/1064] nextcloud: re-enable the updatenotification app Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 - Containers/nextcloud/entrypoint.sh | 22 ++++++++++------------ app/appinfo/info.xml | 9 --------- 3 files changed, 10 insertions(+), 22 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 2ceabd7a..8155d220 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -256,7 +256,6 @@ RUN set -ex; \ chmod 777 -R /usr/local/etc/php/conf.d && \ chmod 777 -R /usr/local/etc/php-fpm.d && \ chmod -R 777 /tmp; \ - rm -rf /usr/src/nextcloud/apps/updatenotification; \ \ mkdir -p /nc-updater; \ chmod -R 777 /nc-updater diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index e3377995..10766084 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -193,14 +193,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then php /var/www/html/occ app:update --all run_upgrade_if_needed_due_to_app_update - - # Fix removing the updatenotification for old instances - UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)" - if [ -d "/var/www/html/apps/updatenotification" ]; then - php /var/www/html/occ app:disable updatenotification - elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then - php /var/www/html/occ config:app:set updatenotification enabled --value="no" - fi fi echo "Initializing nextcloud $image_version ..." @@ -277,6 +269,10 @@ DATADIR_PERMISSION_CONF # unset admin password unset ADMIN_PASSWORD + # Enable the updatenotification app but disable its UI and server update notifications + php /var/www/html/occ config:system:set updatechecker --type=bool --value=false + php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]" + # AIO update to latest start # Do not remove or change this line! if [ "$INSTALL_LATEST_MAJOR" = yes ]; then php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater" @@ -307,8 +303,7 @@ DATADIR_PERMISSION_CONF # shellcheck disable=SC2016 installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" fi - php /var/www/html/occ app:disable updatenotification - rm -rf /var/www/html/apps/updatenotification + php /var/www/html/occ config:system:set updatechecker --type=bool --value=true php /var/www/html/occ app:enable nextcloud-aio --force php /var/www/html/occ db:add-missing-columns php /var/www/html/occ db:add-missing-primary-keys @@ -354,8 +349,6 @@ DATADIR_PERMISSION_CONF php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false php /var/www/html/occ config:system:set share_folder --value="/Shared" - # Not needed anymore with the removal of the updatenotification app: - # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]" # Install some apps by default if [ -n "$STARTUP_APPS" ]; then @@ -434,6 +427,11 @@ DATADIR_PERMISSION_CONF run_upgrade_if_needed_due_to_app_update + # Enable the updatenotification app but disable its UI and server update notifications + php /var/www/html/occ config:system:set updatechecker --type=bool --value=false + php /var/www/html/occ app:enable updatenotification + php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]" + # Apply optimization echo "Doing some optimizations..." if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml index 069786d8..8b911c10 100644 --- a/app/appinfo/info.xml +++ b/app/appinfo/info.xml @@ -20,13 +20,4 @@ OCA\AllInOne\Settings\Admin - - From 0a075b4b2257361af897d319fdb6a8ba3b8af354 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Wed, 11 Jun 2025 04:15:35 +0000 Subject: [PATCH 0347/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 8eec4eb9..c2056b48 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From 1c5cc164c09a992896eded5ff48e6f88946352f4 Mon Sep 17 00:00:00 2001 From: gggeek Date: Tue, 10 Jun 2025 17:27:32 +0000 Subject: [PATCH 0348/1064] DockerController: avoid php warning when id not in query string in GetLogs Route Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 6c55b3da..7f7ae9b6 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -62,7 +62,11 @@ readonly class DockerController { public function GetLogs(Request $request, Response $response, array $args) : Response { - $id = $request->getQueryParams()['id']; + $requestParams = $request->getQueryParams(); + $id = ''; + if (is_string($requestParams['id'])) { + $id = $requestParams['id']; + } if (str_starts_with($id, 'nextcloud-aio-')) { $logs = $this->dockerActionManager->GetLogs($id); } else { From f2d9fb8d9d3154bf3e5ba9e92ee8fb0c821b468e Mon Sep 17 00:00:00 2001 From: Quentin Lemeasle Date: Mon, 2 Jun 2025 20:19:36 +0200 Subject: [PATCH 0349/1064] Update reverse-proxy.md Signed-off-by: Quentin Lemeasle Signed-off-by: Quentin --- reverse-proxy.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 27ee04eb..41c0ac01 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -693,10 +693,6 @@ The examples below define the dynamic configuration in YAML files. If you rather file: directory: "/path/to/dynamic/conf" # Adjust the path according your needs. watch: true - - # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container) - # experimental: - # http3: true ``` 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`: From 293fe559f413b569df902837dd6c1d003f696b62 Mon Sep 17 00:00:00 2001 From: Quentin Date: Tue, 10 Jun 2025 23:12:17 +0200 Subject: [PATCH 0350/1064] Revert "Update reverse-proxy.md" This reverts commit 226afe6b82b35f6b9b6ad7775857ef3761eafc57. Signed-off-by: Quentin --- reverse-proxy.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index 41c0ac01..27ee04eb 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -693,6 +693,10 @@ The examples below define the dynamic configuration in YAML files. If you rather file: directory: "/path/to/dynamic/conf" # Adjust the path according your needs. watch: true + + # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container) + # experimental: + # http3: true ``` 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`: From 29cc92d7147cb194a1dd63daf9804090898439ef Mon Sep 17 00:00:00 2001 From: Quentin Date: Tue, 10 Jun 2025 23:15:23 +0200 Subject: [PATCH 0351/1064] Add Traefik 3 documentation Signed-off-by: Quentin --- reverse-proxy.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index 27ee04eb..e9f603e5 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -745,6 +745,89 @@ The examples below define the dynamic configuration in YAML files. If you rather

    +### Traefik 3 + +
    + +click here to expand + +**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome! + +Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project. + +The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter. + +1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers: + + ```yml + # STATIC CONFIGURATION + + entryPoints: + https: + address: ":443" # Create an entrypoint called "https" that uses port 443 + # If you want to enable HTTP/3 support, uncomment the line below + # http3: {} + + certificatesResolvers: + # Define "letsencrypt" certificate resolver + letsencrypt: + acme: + storage: /letsencrypt/acme.json # Defines the path where certificates should be stored + email: # Where LE sends notification about certificates expiring + tlschallenge: true + + providers: + file: + directory: "/path/to/dynamic/conf" # Adjust the path according your needs. + watch: true + ``` + +2. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`: + + ```yml + http: + routers: + nextcloud: + rule: "Host(``)" + entrypoints: + - "https" + service: nextcloud + middlewares: + - nextcloud-chain + tls: + certresolver: "letsencrypt" + + services: + nextcloud: + loadBalancer: + servers: + - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below + + middlewares: + nextcloud-secure-headers: + headers: + hostsProxyHeaders: + - "X-Forwarded-Host" + referrerPolicy: "same-origin" + + https-redirect: + redirectscheme: + scheme: https + + nextcloud-chain: + chain: + middlewares: + # - ... (e.g. rate limiting middleware) + - https-redirect + - nextcloud-secure-headers + ``` + +--- + +⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. + +
    + ### IIS with ARR and URL Rewrite
    From 9807d314f3bb7208123917c27be8d78ee9fbfbd1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 11 Jun 2025 14:49:01 +0200 Subject: [PATCH 0352/1064] increase to v11.1.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index ac59f7c0..e71023c0 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.0.0

    +

    Nextcloud AIO v11.1.0

    {# Add 2nd tab warning #} From b3f931f2cf18436fcd9cb1c6e5ea09ce82167b9c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 11 Jun 2025 15:09:38 +0200 Subject: [PATCH 0353/1064] aio-interface: fix the padding-bottom Signed-off-by: Simon L. --- php/public/style.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/public/style.css b/php/public/style.css index fbe15df5..107463b5 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -336,7 +336,6 @@ html[data-theme="dark"] ::-webkit-scrollbar-track { box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); max-height: calc(100dvh - var(--container-height-calculation-difference)); overflow: hidden; - padding-bottom: var(--main-padding); } main { @@ -350,6 +349,7 @@ main { word-break: break-word; max-width: calc(var(--max-width) + calc(var(--main-padding) * 2)); margin: 0 auto; + padding-bottom: var(--main-padding); } .logo { From 0d4081ab13d2ab0a316e30dd000b11f87f9a0b41 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 11 Jun 2025 15:13:02 +0200 Subject: [PATCH 0354/1064] DockerController: also fix warning in the web interface Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 7f7ae9b6..13e8bdda 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -64,7 +64,7 @@ readonly class DockerController { { $requestParams = $request->getQueryParams(); $id = ''; - if (is_string($requestParams['id'])) { + if (isset($requestParams['id']) && is_string($requestParams['id'])) { $id = $requestParams['id']; } if (str_starts_with($id, 'nextcloud-aio-')) { From 13b645dc1d9376a5f79de0a123e31b5bb227cc4e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 11 Jun 2025 15:33:41 +0200 Subject: [PATCH 0355/1064] nextcloud: fix APPSTORE_URL default Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index e3377995..4305965f 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -144,7 +144,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then # Check connection to appstore start # Do not remove or change this line! while true; do echo -e "Checking connection to appstore" - APPSTORE_URL="https://apps.nextcloud.com/" + APPSTORE_URL="https://apps.nextcloud.com/api/v1" if grep -q appstoreurl /var/www/html/config/config.php; then set -x APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')" From 6b2ed113cd1632867920b11be5282dd53b564ecc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Jun 2025 04:21:45 +0000 Subject: [PATCH 0356/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.0-alpine to 3.2.1-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.1-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 3b19c0af..87fc99ab 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.0-alpine +FROM haproxy:3.2.1-alpine # hadolint ignore=DL3002 USER root From ee23d43ca7127fcaf7f3033dfb32e52139d46473 Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Wed, 11 Jun 2025 22:48:52 -0700 Subject: [PATCH 0357/1064] Update watchtower to a well-maintained fork and add podman support Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 2 +- Containers/watchtower/start.sh | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 16331f70..173ef09f 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -5,7 +5,7 @@ RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b; + go install github.com/nicholas-fedor/watchtower@v1.11.3; FROM alpine:3.21.3 diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh index 2c7a1835..bec4d3a2 100644 --- a/Containers/watchtower/start.sh +++ b/Containers/watchtower/start.sh @@ -9,6 +9,13 @@ elif ! test -r /var/run/docker.sock; then exit 1 fi +if [ -f /run/.containerenv ]; then + # If running under podman disable memory_swappiness setting in watchtower. + # It is a necessary workaround until https://github.com/containers/podman/issues/23824 gets fixed. + echo "Running under Podman. Setting WATCHTOWER_DISABLE_MEMORY_SWAPPINESS to 1." + export WATCHTOWER_DISABLE_MEMORY_SWAPPINESS=1 +fi + if [ -n "$CONTAINER_TO_UPDATE" ]; then exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE" else From 02a7f909a73d22450eb019baa3991872176ca605 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 12 Jun 2025 09:36:36 +0000 Subject: [PATCH 0358/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 2ceabd7a..668e7847 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.5 +ENV NEXTCLOUD_VERSION=31.0.6 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 3957a03b2d5ff87e268e994f85c2a9fb2457108a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 12 Jun 2025 14:23:35 +0200 Subject: [PATCH 0359/1064] app: move the button to a new line Signed-off-by: Simon L. --- app/templates/admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/templates/admin.php b/app/templates/admin.php index df675cad..4812ad90 100644 --- a/app/templates/admin.php +++ b/app/templates/admin.php @@ -10,7 +10,7 @@ declare(strict_types=1); */ /** @var array $_ */ ?> From c174ee3a9acd3f9e20bed4e66c0a6b2bef1edf26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 04:56:44 +0000 Subject: [PATCH 0360/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.4-alpine3.21 to 3.13.5-alpine3.21. --- updated-dependencies: - dependency-name: python dependency-version: 3.13.5-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index cd60844b..634a5de3 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.4-alpine3.21 +FROM python:3.13.5-alpine3.21 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 83d490280479dec381a233a6f25e2612237a9945 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 12:29:52 +0000 Subject: [PATCH 0361/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.34.0 to 2.34.1. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/27853eb8b46dc01c33bf9fef67d98df2683c3be2...0f7f1d08e3e32076e51cae65eb0b0c871405b16e) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.34.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 83d53c91..a7b0c5ff 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 038eea7c..005af782 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index a45d82ec..2bfe200e 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 22b05be2..304f9393 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 4db9b09f..4e168ab7 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index f166adab..2c40b1ce 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2 + uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 with: php-version: 8.4 extensions: apcu From eb533eef289c7f7a5de351315c6fa5c33fbfdb20 Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Fri, 13 Jun 2025 05:35:10 -0700 Subject: [PATCH 0362/1064] Use watchtower image directly instead of building it Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 173ef09f..ad4dd4b4 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,11 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.4-alpine3.21 AS go - -RUN set -ex; \ - apk upgrade --no-cache -a; \ - apk add --no-cache \ - build-base; \ - go install github.com/nicholas-fedor/watchtower@v1.11.3; +FROM ghcr.io/nicholas-fedor/watchtower:1.11.3 AS watchtower FROM alpine:3.21.3 @@ -13,7 +7,7 @@ RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash ca-certificates tzdata -COPY --from=go /go/bin/watchtower /watchtower +COPY --from=watchtower /watchtower /watchtower COPY --chmod=775 start.sh /start.sh From 4344148cddf686a83b09a11cafdaed9df3d12015 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 16 Jun 2025 14:21:05 +0200 Subject: [PATCH 0363/1064] entrypoint.sh: add additional logic for ONLYOFFICE_HOST Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index f798ca79..4b6df98f 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -676,7 +676,12 @@ fi # OnlyOffice if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then - while ! nc -z "$ONLYOFFICE_HOST" 80; do + if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then + ONLYOFFICE_PORT=80 + else + ONLYOFFICE_PORT=443 + fi + while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do echo "waiting for OnlyOffice to become available..." sleep 5 done @@ -690,7 +695,11 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt" - php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice" + if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then + ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice" + export ONLYOFFICE_HOST + fi + php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST" else if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then php /var/www/html/occ app:remove onlyoffice From 19793b3753eda8217d0e50e700574d5e29b0cb63 Mon Sep 17 00:00:00 2001 From: Frederik Berg Date: Sun, 15 Jun 2025 23:51:53 +0200 Subject: [PATCH 0364/1064] feat(helm): allow custom data storage class Signed-off-by: Frederik Berg Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 7ad3bd32..129bd0bf 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -222,6 +222,10 @@ find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ sto # shellcheck disable=SC1083 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; # shellcheck disable=SC1083 +find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "/{{- if .Values.STORAGE_CLASS }}/i\ {{- if .Values.STORAGE_CLASS_DATA }}\n storageClassName: {{ .Values.STORAGE_CLASS_DATA }}" \{} \; +# shellcheck disable=SC1083 +find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s/{{- if .Values.STORAGE_CLASS }}/{{- else if .Values.STORAGE_CLASS }}/" \{} \; +# shellcheck disable=SC1083 find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \; # shellcheck disable=SC1083 find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \; @@ -407,6 +411,7 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf echo "" >> /tmp/sample.conf # shellcheck disable=SC2129 echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf +echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume' >> /tmp/sample.conf for variable in "${VOLUME_VARIABLE[@]}"; do echo "$variable: 1Gi # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf done From d50f6a375fb2d55cf6a6765002718eff104e6095 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 19 Jun 2025 10:15:28 +0200 Subject: [PATCH 0365/1064] add suggestions Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 129bd0bf..d3a84a9c 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -410,8 +410,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf # shellcheck disable=SC2129 echo "" >> /tmp/sample.conf # shellcheck disable=SC2129 -echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf -echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume' >> /tmp/sample.conf +echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf +echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf for variable in "${VOLUME_VARIABLE[@]}"; do echo "$variable: 1Gi # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf done From 7141a7dbb2bc2b160aa9628961d73955d63f1573 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 19 Jun 2025 08:30:33 +0000 Subject: [PATCH 0366/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml | 4 +++- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- nextcloud-aio-helm-chart/values.yaml | 3 ++- 16 files changed, 24 insertions(+), 21 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 56f25de4..0ec2cfb8 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.0.0 +version: 11.1.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 739e5931..a263f3d0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-apache:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index a92827c1..8797054c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-clamav:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 5b75622e..95def822 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-collabora:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index a6c58b18..02ab6cbb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index d9579a4c..8b6a1508 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index db4abddf..d11042f3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml index 5be12896..62794e3b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml @@ -6,7 +6,9 @@ metadata: name: nextcloud-aio-nextcloud-data namespace: "{{ .Values.NAMESPACE }}" spec: - {{- if .Values.STORAGE_CLASS }} + {{- if .Values.STORAGE_CLASS_DATA }} + storageClassName: {{ .Values.STORAGE_CLASS_DATA }} + {{- else if .Values.STORAGE_CLASS }} storageClassName: {{ .Values.STORAGE_CLASS }} {{- end }} accessModes: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 10920dee..ce523d56 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250619_082329 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index e99a3d60..e1357a83 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c9ca83d4..ace321b6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 9b6d9fb6..d9532000 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-redis:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index c8083702..67ea27ee 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-talk:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index c1142a8c..b73f6a95 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 5b3e9f81..c748ce83 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250610_074316 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250619_082329 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 5bd7e582..10603a7c 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -38,7 +38,8 @@ REMOVE_DISABLED_APPS: yes # Setting this to no keep Nextcloud apps that a TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work! UPDATE_NEXTCLOUD_APPS: no # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays. -STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes +STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! +STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones! APACHE_STORAGE_SIZE: 1Gi # You can change the size of the apache volume that default to 1Gi with this value CLAMAV_STORAGE_SIZE: 1Gi # You can change the size of the clamav volume that default to 1Gi with this value DATABASE_STORAGE_SIZE: 1Gi # You can change the size of the database volume that default to 1Gi with this value From 2f8b3492624c21120547aa7b42b4878e179882db Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Thu, 19 Jun 2025 14:47:11 +0200 Subject: [PATCH 0367/1064] fix: nextcloud container sometimes becoming stuck terminating Signed-off-by: Richard Steinmetz --- Containers/nextcloud/run-exec-commands.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh index 4fff009c..9ef6ba69 100644 --- a/Containers/nextcloud/run-exec-commands.sh +++ b/Containers/nextcloud/run-exec-commands.sh @@ -26,4 +26,11 @@ else fi fi -sleep inf +signal_handler() { + exit 0 +} + +trap signal_handler SIGINT SIGTERM + +sleep inf & +wait $! From b2ce65472eb4e7f80fdcf128e92d747289f6a0dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Jun 2025 04:42:51 +0000 Subject: [PATCH 0368/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.2.2.1 to 25.04.3.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.3.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 95d8b68f..5fd88186 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.2.2.1 +FROM collabora/code:25.04.3.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 2552c24c6f5503f449abdf692864b4159df651a3 Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Fri, 20 Jun 2025 01:17:45 -0700 Subject: [PATCH 0369/1064] Merge pull request #5568 from apparle/enable_local_testability mastercontainer: enable local testability --- Containers/mastercontainer/Dockerfile | 5 ++++- develop.md | 10 ++++++++++ php/public/index.php | 7 ++++++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f798254d..3a61e718 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -8,6 +8,9 @@ FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile FROM php:8.4.8-fpm-alpine3.21 +ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git" +ARG AIO_GIT_BRANCH="main" + EXPOSE 80 EXPOSE 8080 EXPOSE 8443 @@ -64,7 +67,7 @@ RUN set -ex; \ wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \ chmod +x /usr/local/bin/composer; \ cd /var/www/docker-aio; \ - git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \ + git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \ find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \ rm -r ./php/tests; \ chown www-data:www-data -R /var/www/docker-aio; \ diff --git a/develop.md b/develop.md index b6aa031d..abf52208 100644 --- a/develop.md +++ b/develop.md @@ -47,3 +47,13 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m ## How to connect to the database? Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in. + +## How to locally build and test changes to mastercontainer? +1. Push changes to your own git fork and branch. +1. Use below commands to build mastercontainer image for a custom git url and branch: +``` +cd Containers/mastercontainer +docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load . +``` +1. Start a container with above built image. +1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update` diff --git a/php/public/index.php b/php/public/index.php index 60440805..712f1463 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -82,6 +82,11 @@ $app->get('/containers', function (Request $request, Response $response, array $ $dockerController = $container->get(\AIO\Controller\DockerController::class); $dockerActionManger->ConnectMasterContainerToNetwork(); $dockerController->StartDomaincheckContainer(); + + // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image. + $params = $request->getQueryParams(); + $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']); + return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->GetDomain(), 'apache_port' => $configurationManager->GetApachePort(), @@ -91,7 +96,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), 'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'), - 'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(), + 'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManger->IsMastercontainerUpdateAvailable() ), 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(), From ec654ecd58fee65eb9fa9ca8ecec61cc28f97f7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Pereira?= Date: Sat, 21 Jun 2025 00:59:34 +0100 Subject: [PATCH 0370/1064] Typo in readme on backup migration section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Gonçalo Pereira --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 3052b303..77285975 100644 --- a/readme.md +++ b/readme.md @@ -801,7 +801,7 @@ If you have the borg backup feature enabled, you can copy it over to the new hos 1. Note the path where the backups are stored and the encryption password 1. Navigate to the backup folder 1. Create archive of the backup so it's easier to copy: `tar -czvf borg.tar.gz borg` -1. Copy the archive over to the new host: `cp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive. +1. Copy the archive over to the new host: `scp borg.tar.gz user@new.host:/mnt`. Make sure to replace `user` with your actual user and `new.host` with the IP or domain of the actual host. You can also use another way to copy the archive. 1. Switch to the new host 1. Go to the folder you put the backup archive and extract it with `tar -xf borg.tar.gz` 1. Follow the installation guide to create a new aio instance, but do not start the containers yet (the `docker run` or `docker compose up -d` command) From 00b24653796424e1a095bd6634e844e194fdc405 Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Sun, 22 Jun 2025 02:17:25 -0700 Subject: [PATCH 0371/1064] Add check in daily-backup.sh for uninitialized state Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com> --- Containers/mastercontainer/daily-backup.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index 13c0ad85..fbb49c70 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -2,6 +2,13 @@ echo "Daily backup script has started" +# Check if initial configuration has been done, otherwise this script should do nothing. +configFile=/mnt/docker-aio-config/data/configuration.json +if [ ! -f "$configFile" ] || ! grep -q -E '"wasStartButtonClicked"\s*:\s*1\s*,' "$configFile"; then + echo "Initial configuration not done yet. Exiting..." + exit 0 +fi + # Daily backup and backup check cannot be run at the same time if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then echo "Daily backup and backup check cannot be run at the same time. Exiting..." From 3b93da5ff5ec73fd3c32218431c89cd68aa01f5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Jun 2025 11:08:51 +0000 Subject: [PATCH 0372/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.0.5 to v1.1.1. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 41f27704..4d8ee168 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.1 USER root RUN set -ex; \ From 9f9a002ba767cae419fe884e2b5566fc1f32dcb8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 23 Jun 2025 13:58:14 +0200 Subject: [PATCH 0373/1064] increase to 11.2.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index e71023c0..22f4477e 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.1.0

    +

    Nextcloud AIO v11.2.0

    {# Add 2nd tab warning #} From 2366cda31cedeb3ec16cd6c36950aa01ab250449 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 23 Jun 2025 16:18:19 +0200 Subject: [PATCH 0374/1064] add additional hint that the network can be created manually with ipv6 support Signed-off-by: Simon L. --- docker-ipv6-support.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-ipv6-support.md b/docker-ipv6-support.md index 5e61ba56..a784e7c7 100644 --- a/docker-ipv6-support.md +++ b/docker-ipv6-support.md @@ -5,7 +5,7 @@ First of all upgrade your docker installation to v27.0.1 or higher. 1. Then edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), add the below json: > [!WARNING] -> This will enable ipv6 for all new docker networks by default! +> This will enable ipv6 for all new docker networks by default! You can alternatively create the `nextcloud-aio` network with ipv6 support by hand manually via docker network create or via compose.yaml. ```json { @@ -30,7 +30,7 @@ Then, on Windows and macOS which use Docker Desktop, you need to go into the set 1. You need to now adjust this json file: > [!WARNING] -> This will enable ipv6 for all new docker networks by default! +> This will enable ipv6 for all new docker networks by default! You can alternatively create the `nextcloud-aio` network with ipv6 support by hand manually via docker network create or via compose.yaml. ```json "default-network-opts": {"bridge":{"com.docker.network.enable_ipv6":"true"}} From 108dcf6c486ed9a1ce740e44d609d5889fe2ae1e Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Tue, 24 Jun 2025 01:24:26 -0700 Subject: [PATCH 0375/1064] Update Containers/mastercontainer/daily-backup.sh based on review comments Co-authored-by: Simon L. Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com> --- Containers/mastercontainer/daily-backup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index fbb49c70..c68835ea 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -3,9 +3,9 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. -configFile=/mnt/docker-aio-config/data/configuration.json -if [ ! -f "$configFile" ] || ! grep -q -E '"wasStartButtonClicked"\s*:\s*1\s*,' "$configFile"; then - echo "Initial configuration not done yet. Exiting..." +CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json +if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then + echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From 698732254ba91362e087e70fd9ca58450d8fe1db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jun 2025 12:32:53 +0000 Subject: [PATCH 0376/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.1.1 to v1.1.2. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.1.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 4d8ee168..bbf0cc6e 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.1 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2 USER root RUN set -ex; \ From a0e420195532ee973cb069f7508aa21457d921c4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 24 Jun 2025 14:37:52 +0200 Subject: [PATCH 0377/1064] increase to 11.2.1 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 22f4477e..428af83d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.2.0

    +

    Nextcloud AIO v11.2.1

    {# Add 2nd tab warning #} From 914d9bfd7f614e838e31f7a4daca0e474bbfc672 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Jun 2025 04:38:18 +0000 Subject: [PATCH 0378/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.2.2-cli to 28.3.0-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.3.0-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 3a61e718..e5764d4c 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.2.2-cli AS docker +FROM docker:28.3.0-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From e28d0516f5703fd967f38e5bbba13f754f300845 Mon Sep 17 00:00:00 2001 From: Apoorv Parle <19315187+apparle@users.noreply.github.com> Date: Thu, 26 Jun 2025 00:54:11 -0700 Subject: [PATCH 0379/1064] Use exec for supervisord replace process and propagate signals Signed-off-by: Apoorv Parle <19315187+apparle@users.noreply.github.com> --- Containers/mastercontainer/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 9158d5b0..9b948776 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -366,4 +366,4 @@ caddy fmt --overwrite /Caddyfile chmod 777 /root # Start supervisord -/usr/bin/supervisord -c /supervisord.conf +exec /usr/bin/supervisord -c /supervisord.conf From ddbeca9170470ce43b48bc7117c6bb35f4f18f0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20M=C3=BCller?= <28591861+alexanderdd@users.noreply.github.com> Date: Thu, 26 Jun 2025 03:30:24 -0500 Subject: [PATCH 0380/1064] readme: add "do not install Docker as snap" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alexander Müller <28591861+alexanderdd@users.noreply.github.com> Signed-off-by: Simon L. --- readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/readme.md b/readme.md index 77285975..07e5375c 100644 --- a/readme.md +++ b/readme.md @@ -81,6 +81,9 @@ Included are: | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? +>[!WARNING] +> You should first make sure that you are not using docker installed via snap. You can check this by running `sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"`. If the output should contain the mentioned string `/var/snap/docker/`, you should first uninstall docker snap via `sudo snap remove docker` and then follow the instructions below. ⚠️ Attention: only run the command if this is a clean new docker installation and you are not running any service already using this. + > [!NOTE] > The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). From ce1208b26eecc2f9f052af578c5fc956ec5452eb Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 10 Jun 2025 15:44:15 +0200 Subject: [PATCH 0381/1064] add container-managment cc Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 2 +- .../container-management.json | 41 +++++++++++++++++++ .../container-management/readme.md | 15 +++++++ .../facerecognition/readme.md | 6 ++- community-containers/fail2ban/readme.md | 2 +- community-containers/lldap/readme.md | 3 +- community-containers/npmplus/readme.md | 2 +- community-containers/readme.md | 2 +- readme.md | 12 +++--- 9 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 community-containers/container-management/container-management.json create mode 100644 community-containers/container-management/readme.md diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index d6e63e41..f9b5a020 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -11,7 +11,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb. - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! -- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. +- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository diff --git a/community-containers/container-management/container-management.json b/community-containers/container-management/container-management.json new file mode 100644 index 00000000..9563139d --- /dev/null +++ b/community-containers/container-management/container-management.json @@ -0,0 +1,41 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-container-management", + "display_name": "Container Management", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management", + "image": "ghcr.io/szaimen/aio-container-management", + "image_tag": "v1", + "internal_port": "5804", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "", + "port_number": "5804", + "protocol": "tcp" + } + ], + "volumes": [ + { + "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%", + "destination": "/var/run/docker.sock", + "writeable": false + } + ], + "environment": [ + "TZ=%TIMEZONE%", + "SECURE_CONNECTION=1", + "WEB_AUTHENTICATION=1", + "USER_ID=0", + "GROUP_ID=0", + "WEB_AUTHENTICATION_USERNAME=container-management", + "WEB_AUTHENTICATION_PASSWORD=%CONTAINER_MANAGEMENT_PASSWORD%", + "WEB_LISTENING_PORT=5804" + ], + "secrets": [ + "CONTAINER_MANAGEMENT_PASSWORD" + ], + "ui_secret": "CONTAINER_MANAGEMENT_PASSWORD" + } + ] +} diff --git a/community-containers/container-management/readme.md b/community-containers/container-management/readme.md new file mode 100644 index 00000000..e8c17313 --- /dev/null +++ b/community-containers/container-management/readme.md @@ -0,0 +1,15 @@ +## Container-Management +This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container. + +### Notes +- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5804` in order to log in with the user `container-management` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). +- Then, you should see a terminal. There you can use any docker command. ⚠️ Be very carefully while doing that as can break your instance! +- There are also some pre-made scripts that make configuring some of the community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition). +- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-container-management + +### Maintainer +https://github.com/szaimen diff --git a/community-containers/facerecognition/readme.md b/community-containers/facerecognition/readme.md index c715d9c7..474ed1e2 100644 --- a/community-containers/facerecognition/readme.md +++ b/community-containers/facerecognition/readme.md @@ -4,7 +4,8 @@ This container bundles the external model of facerecognition and auto-configures ### Notes - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container. - The image analysis is currently set to fixed value of `1G`. See [this](https://github.com/search?q=repo%3Anextcloud%2Fall-in-one+1G+path%3A%2F%5Ecommunity-containers%5C%2Ffacerecognition%5C%2F%2F&type=code) -- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container: +- Facerecognition is by default disabled for all users. If you want to enable facerecognition for all users, you can run the following commands before adding this container:
    +**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /facerecognition.sh`. ```bash # Go into the container sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash @@ -22,7 +23,8 @@ This container bundles the external model of facerecognition and auto-configures # Exit the container shell exit ``` -- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings. +- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
    +**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository diff --git a/community-containers/fail2ban/readme.md b/community-containers/fail2ban/readme.md index cb78639c..28ab21e3 100644 --- a/community-containers/fail2ban/readme.md +++ b/community-containers/fail2ban/readme.md @@ -4,7 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block ### Notes - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`. - If you get an error like `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this. -- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`. +- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index 74a51c61..ce4636bc 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -23,7 +23,8 @@ First, you need to retrieve the LLDAP admin password, this will be used later on sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS ``` -Now go into the Nextcloud container: +Now go into the Nextcloud container:
    +**Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`. ```bash sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash ``` diff --git a/community-containers/npmplus/readme.md b/community-containers/npmplus/readme.md index 437c6771..a71b4af2 100644 --- a/community-containers/npmplus/readme.md +++ b/community-containers/npmplus/readme.md @@ -8,7 +8,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://:81` and change the password. - The default password is `iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX9KfmDQiwkLZH1ZDR9xMjiG2QmoHXi` and the default email is `admin@example.org` - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host. -- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume +- If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution! - **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true by default - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/readme.md b/community-containers/readme.md index 84283d38..1631a952 100644 --- a/community-containers/readme.md +++ b/community-containers/readme.md @@ -17,4 +17,4 @@ Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for al ## How to remove containers from AIOs stack? You can remove containers now via the web interface. -After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`). +After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`). **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management diff --git a/readme.md b/readme.md index 3052b303..bac0e0a0 100644 --- a/readme.md +++ b/readme.md @@ -567,16 +567,16 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart. ### How to run `occ` commands? -Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run. +Simply run the following: `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`? -Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `US` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements +Simply run the following command: `sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `US` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to run multiple AIO instances on one server? See [multiple-instances.md](./multiple-instances.md) for some documentation on this. ### Bruteforce protection FAQ -Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. +Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to switch the channel? You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. @@ -658,10 +658,10 @@ Since Podman is not 100% compatible with the Docker API, Podman is not supported ### Access/Edit Nextcloud files/folders manually The files and folders that you add to Nextcloud are by default stored in the following docker directory: `nextcloud_aio_nextcloud:/mnt/ncdata/` (usually `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on linux host systems). If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state. -After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`. +After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to edit Nextclouds config.php file with a texteditor? -You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file. +You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to change default files by creating a custom skeleton directory? All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration. To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory). @@ -1057,7 +1057,7 @@ Netdata allows you to monitor your server using a GUI. You can install it by fol If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name. ### phpMyAdmin, Adminer or pgAdmin -It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045 +It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045 **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### Mail server You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart From 58d79307a18e1ec3e292dac56d69396089283873 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Jun 2025 04:41:24 +0000 Subject: [PATCH 0382/1064] build(deps): bump onlyoffice/documentserver in /Containers/onlyoffice Bumps onlyoffice/documentserver from 8.3.3.1 to 9.0.2.1. --- updated-dependencies: - dependency-name: onlyoffice/documentserver dependency-version: 9.0.2.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 97587907..8d841707 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.3.3.1 +FROM onlyoffice/documentserver:9.0.2.1 # USER root is probably used From 1c3b257107995d684ec87a707c5f0e92361517d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Jun 2025 04:41:28 +0000 Subject: [PATCH 0383/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.4-scratch to 2.11.5-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.5-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index a84864cc..7714a00f 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.4-scratch AS nats +FROM nats:2.11.5-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.21.3 AS janus From d520f106c33daef5ab692100849624fcc74457d3 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sat, 28 Jun 2025 12:02:55 +0000 Subject: [PATCH 0384/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 699d5dbb..73b56a53 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3875,16 +3875,16 @@ }, { "name": "symfony/console", - "version": "v6.4.22", + "version": "v6.4.23", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3" + "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3", - "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3", + "url": "https://api.github.com/repos/symfony/console/zipball/9056771b8eca08d026cd3280deeec3cfd99c4d93", + "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93", "shasum": "" }, "require": { @@ -3949,7 +3949,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.22" + "source": "https://github.com/symfony/console/tree/v6.4.23" }, "funding": [ { @@ -3965,7 +3965,7 @@ "type": "tidelift" } ], - "time": "2025-05-07T07:05:04+00:00" + "time": "2025-06-27T19:37:22+00:00" }, { "name": "symfony/filesystem", From cca0ce9e72a0c2a38b838b08d065c164e90157e5 Mon Sep 17 00:00:00 2001 From: Prokop Schield <76836484+prokopschield@users.noreply.github.com> Date: Sun, 29 Jun 2025 12:58:14 +0200 Subject: [PATCH 0385/1064] fix: typo Signed-off-by: Prokop Schield <76836484+prokopschield@users.noreply.github.com> --- reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index e9f603e5..84aad3d1 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -273,7 +273,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. 1. Now continue with [point 2](#2-use-this-startup-command) but add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command - which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). -**Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown. +**Advice:** Make sure to [disable Cloudflare's Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
    From 5d1bebfd0b959336bd53388f5fa911a215ddceb6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 1 Jul 2025 11:34:38 +0200 Subject: [PATCH 0386/1064] Revert "build(deps): bump onlyoffice/documentserver from 8.3.3.1 to 9.0.2.1 in /Containers/onlyoffice" --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 8d841707..97587907 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:9.0.2.1 +FROM onlyoffice/documentserver:8.3.3.1 # USER root is probably used From 88541ffe26937fc0c276124bbfe871d557245a5b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 1 Jul 2025 11:53:05 +0000 Subject: [PATCH 0387/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 0ec2cfb8..9b9ef61e 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.1.0 +version: 11.2.1 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index a263f3d0..5751c7bf 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-apache:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 8797054c..6d2678f8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-clamav:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 95def822..ce2417e4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-collabora:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 02ab6cbb..450868ed 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 8b6a1508..53180a99 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index d11042f3..a452962e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index ce523d56..688ac9b4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250701_092737 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index e1357a83..480e046f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index ace321b6..0b79be44 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index d9532000..4120a5f5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-redis:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 67ea27ee..4424d662 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-talk:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index b73f6a95..e121f2e6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250701_092737 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index c748ce83..e3734f10 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250619_082329 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250701_092737 readinessProbe: exec: command: From fcc74e2105c37f04639a71327cf968fb04e30003 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 1 Jul 2025 15:01:10 +0200 Subject: [PATCH 0388/1064] DockerActionManager: always add a Hostname to each container Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 16f28e52..c73441b4 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -584,6 +584,8 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Mounts'] = $mounts; } + $requestBody['Hostname'] = $container->GetIdentifier(); + $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier()); try { $this->guzzleClient->request( From aec692208ede7973204f1b3c679621ae99c95dea Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Tue, 10 Jun 2025 16:43:18 +0200 Subject: [PATCH 0389/1064] libretranslate: add `(deprecated)` to its display name Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Signed-off-by: Simon L. --- community-containers/libretranslate/libretranslate.json | 2 +- php/containers-schema.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/community-containers/libretranslate/libretranslate.json b/community-containers/libretranslate/libretranslate.json index 98970db4..dad8d007 100644 --- a/community-containers/libretranslate/libretranslate.json +++ b/community-containers/libretranslate/libretranslate.json @@ -2,7 +2,7 @@ "aio_services_v1": [ { "container_name": "nextcloud-aio-libretranslate", - "display_name": "LibreTranslate", + "display_name": "LibreTranslate (deprecated)", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate", "image": "ghcr.io/szaimen/aio-libretranslate", "image_tag": "v1", diff --git a/php/containers-schema.json b/php/containers-schema.json index 46782a33..cd746ebf 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -47,7 +47,7 @@ }, "display_name": { "type": "string", - "pattern": "^[A-Za-z 0-9-]+$" + "pattern": "^[()A-Za-z 0-9-]+$" }, "environment": { "type": "array", From 1b3e519cd76a989f5f8ba22572c0dca54f0fd960 Mon Sep 17 00:00:00 2001 From: Anupam Kumar Date: Tue, 1 Jul 2025 17:53:41 +0530 Subject: [PATCH 0390/1064] feat(talk): add SKIP_CERT_VERIFY env This environment variable when set to "true" will allow usage of self-signed certificates. Signed-off-by: Anupam Kumar Signed-off-by: Simon L. --- Containers/talk/Dockerfile | 1 + Containers/talk/start.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 7714a00f..4654ef44 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -37,6 +37,7 @@ RUN set -ex; \ FROM alpine:3.21.3 ENV ETURNAL_ETC_DIR="/conf" +ENV SKIP_CERT_VERIFY=false COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local COPY --from=eturnal --chmod=777 --chown=1000:1000 /opt/eturnal /opt/eturnal COPY --from=nats --chmod=777 --chown=1000:1000 /nats-server /usr/local/bin/nats-server diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index 185dde8a..b07f5bc9 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -95,6 +95,7 @@ backends = backend-1 allowall = false timeout = 10 connectionsperhost = 8 +skipverify = ${SKIP_CERT_VERIFY} [backend-1] url = https://${NC_DOMAIN} From d20812b0e8d39fcb38eec5dd50d8e5ff96400fba Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 1 Jul 2025 17:43:36 +0200 Subject: [PATCH 0391/1064] add comment Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 1 + 1 file changed, 1 insertion(+) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index c73441b4..61cb41bb 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -584,6 +584,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Mounts'] = $mounts; } + // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier()); From 9967aea70c11318bb63c4908a3857e2f58983e9b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 1 Jul 2025 17:58:27 +0200 Subject: [PATCH 0392/1064] CreateContainers: add `"com.centurylinklabs.watchtower.enable": "false"` to all managed containers Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 61cb41bb..b3560968 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -584,6 +584,9 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Mounts'] = $mounts; } + // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature. + $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"]; + // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); From df13ca077cb4bbc93eae61b8491255e42756c409 Mon Sep 17 00:00:00 2001 From: Olicorne <26625900+thiswillbeyourgithub@users.noreply.github.com> Date: Tue, 1 Jul 2025 18:52:44 +0200 Subject: [PATCH 0393/1064] readme: improve the `How to stop/start/update containers or trigger the daily backup from a script externally?` section (#6592) Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> Signed-off-by: Simon L. --- readme.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/readme.md b/readme.md index 862202cf..9338ea4a 100644 --- a/readme.md +++ b/readme.md @@ -1033,11 +1033,13 @@ After doing a restore via the AIO interface, you might run into problems due to You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environment variables: - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards. - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. -- `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them. -- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers. -- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration. +- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers at the start of the script. Implied by `DAILY_BACKUP=1`. +- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `DAILY_BACKUP=1`. +- `CHECK_BACKUP` if set to `1`, it will start the integrity check of all borg backups made by AIO. Note that the backup check is non blocking so containers can be kept running while the check lasts. That means you can't pass `DAILY_BACKUP=1` at the same time. The output of the check can be found in the logs of the container `nextcloud-aio-borgbackup`. -One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script. +One example to do a backup would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script. + +Likewise to do a backup check would be `sudo docker exec --env DAILY_BACKUP=0 --env CHECK_BACKUP=1 --env STOP_CONTAINERS=0 nextcloud-aio-mastercontainer /daily-backup.sh`. > [!NOTE] > None of the option returns error codes. So you need to check for the correct result yourself. From b561c59b9326b53ff67af94285eaad787429a1d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Jul 2025 04:27:41 +0000 Subject: [PATCH 0394/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.5-scratch to 2.11.6-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.6-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 4654ef44..67bb7e61 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.5-scratch AS nats +FROM nats:2.11.6-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.21.3 AS janus From 306818dc10421b00936c6d2d2f305e96cd823f4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Jul 2025 04:28:08 +0000 Subject: [PATCH 0395/1064] build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.3 to 1.11.5. - [Release notes](https://github.com/nicholas-fedor/watchtower/releases) - [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/goreleaser.yml) - [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.3...v1.11.5) --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: 1.11.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index ad4dd4b4..76cfd60f 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:1.11.3 AS watchtower +FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower FROM alpine:3.21.3 From 07dc4de9fff7b9e52db1853c81154813ec16efb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Jul 2025 04:43:58 +0000 Subject: [PATCH 0396/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.1-alpine to 3.2.2-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 87fc99ab..bcc7ac71 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.1-alpine +FROM haproxy:3.2.2-alpine # hadolint ignore=DL3002 USER root From 3e9ce2be055286432e8983af7c11bcb2df0856af Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Jul 2025 10:00:59 +0200 Subject: [PATCH 0397/1064] instance-restore: make sure that the configured borg restore location is not a children of or equal to NEXTCLOUD_DATADIR Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d4af26b1..5f950fc7 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -484,8 +484,13 @@ class ConfigurationManager } if (!$isValidPath) { - throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!"); + throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'."); } + + if (str_starts_with($location, rtrim($this->GetNextcloudDatadirMount(), '/'))) { + throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount()); + } + } else { $this->ValidateBorgRemoteRepo($repo); } From bf4cf0ad276fe9fbd66574cfc331f361ca75468c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Jul 2025 10:28:47 +0200 Subject: [PATCH 0398/1064] increase to 11.3.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 428af83d..6d50efd4 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.2.1

    +

    Nextcloud AIO v11.3.0

    {# Add 2nd tab warning #} From 983e523bde3d24dc89de36185653c17f0d831bf5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Jul 2025 11:44:50 +0200 Subject: [PATCH 0399/1064] make the check for backup dir and datadir fail proof Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 5f950fc7..64542801 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -487,7 +487,7 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'."); } - if (str_starts_with($location, rtrim($this->GetNextcloudDatadirMount(), '/'))) { + if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) { throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount()); } From 362cad79dbfb0ec0c803111d62d51ff1e18d0143 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Jul 2025 11:48:22 +0200 Subject: [PATCH 0400/1064] add comment with link Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 64542801..bfc59f7c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -487,6 +487,8 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'."); } + // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore + // See https://github.com/nextcloud/all-in-one/issues/6607 if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) { throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount()); } From 90b1a645720aa9f86d65f38bc1111de113e1e2ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Sch=C3=A4fer?= Date: Wed, 2 Jul 2025 11:27:26 +0200 Subject: [PATCH 0401/1064] Make elasticsearch connection configurable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Felix Schäfer --- Containers/nextcloud/entrypoint.sh | 4 ++-- manual-install/latest.yml | 3 +++ .../templates/nextcloud-aio-nextcloud-deployment.yaml | 6 ++++++ php/containers.json | 3 +++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 4b6df98f..70e44984 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -809,7 +809,7 @@ fi # Fulltextsearch if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then - while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do + while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do echo "waiting for Fulltextsearch to become available..." sleep 5 done @@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then php /var/www/html/occ app:update files_fulltextsearch fi php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}' - php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}" + php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}" php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}" # Do the index diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 04ac9193..84b113d3 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -165,6 +165,9 @@ services: - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT} - FULLTEXTSEARCH_ENABLED - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch + - FULLTEXTSEARCH_PORT=9200 + - FULLTEXTSEARCH_USER=elastic + - FULLTEXTSEARCH_INDEX=nextcloud-aio - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME} - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR} - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 688ac9b4..ca6704d4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -110,6 +110,12 @@ spec: value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}" - name: FULLTEXTSEARCH_HOST value: nextcloud-aio-fulltextsearch + - name: FULLTEXTSEARCH_PORT + value: 9200 + - name: FULLTEXTSEARCH_USER + value: elastic + - name: FULLTEXTSEARCH_INDEX + value: nextcloud-aio - name: FULLTEXTSEARCH_PASSWORD value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" - name: IMAGINARY_ENABLED diff --git a/php/containers.json b/php/containers.json index 38fdb09a..cead6d32 100644 --- a/php/containers.json +++ b/php/containers.json @@ -236,6 +236,9 @@ "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%", "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%", "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch", + "FULLTEXTSEARCH_PORT=9200", + "FULLTEXTSEARCH_USER=elastic", + "FULLTEXTSEARCH_INDEX=nextcloud-aio", "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%", "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%", "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%", From 4cf1a3839b5ac274938d3aff6d4c376303599f3b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 3 Jul 2025 15:12:00 +0200 Subject: [PATCH 0402/1064] collabora: change startup logs from trace to warning Signed-off-by: Simon L. --- php/containers.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index 38fdb09a..a03cee1a 100644 --- a/php/containers.json +++ b/php/containers.json @@ -377,7 +377,7 @@ "internal_port": "9980", "environment": [ "aliasgroup1=https://%NC_DOMAIN%:443", - "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", + "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", "dictionaries=%COLLABORA_DICTIONARIES%", "TZ=%TIMEZONE%", "server_name=%NC_DOMAIN%", From 4e25a56edcbc77c4c801bdfa1321c33643e8335a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Jul 2025 04:42:43 +0000 Subject: [PATCH 0403/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.8-fpm-alpine3.21 to 8.4.10-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.10-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index e5764d4c..8a8ac7ee 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.3.0-cli AS docker FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile -FROM php:8.4.8-fpm-alpine3.21 +FROM php:8.4.10-fpm-alpine3.21 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git" ARG AIO_GIT_BRANCH="main" From b593f0388edeabeba80f6fbcd7d18017b7c4d052 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Jul 2025 04:42:45 +0000 Subject: [PATCH 0404/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.3.0-cli to 28.3.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.3.1-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index e5764d4c..3e8133c8 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.3.0-cli AS docker +FROM docker:28.3.1-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From d0df45bf522368847e20ee37da169d4c2f028064 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Jul 2025 04:43:06 +0000 Subject: [PATCH 0405/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.22-fpm-alpine3.21 to 8.3.23-fpm-alpine3.21. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.23-fpm-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index da201e06..9dbf231c 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.22-fpm-alpine3.21 +FROM php:8.3.23-fpm-alpine3.21 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From fc0d21cc49bca931ac84ee131abe428f588e965b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 4 Jul 2025 13:36:55 +0200 Subject: [PATCH 0406/1064] db-import: improve the import process by using the `smart` mode and a higher timeout Signed-off-by: Simon L. --- Containers/postgresql/start.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/postgresql/start.sh b/Containers/postgresql/start.sh index dbb74196..551bb10e 100644 --- a/Containers/postgresql/start.sh +++ b/Containers/postgresql/start.sh @@ -128,7 +128,9 @@ EOSQL fi # Shut down the database to be able to start it again - pg_ctl stop -m fast + # The smart mode disallows new connections, then waits for all existing clients to disconnect and any online backup to finish + # Wait for 1800s to make sure that a checkpoint is completed successfully + pg_ctl stop -m smart -t 1800 # Change database port back to default export PGPORT=5432 From b538bc7155bd82b6aebe5f7e76a8300672164606 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 4 Jul 2025 19:31:51 +0200 Subject: [PATCH 0407/1064] restore-instance: make hint more visible that backup needs to be restored two times if the backup contained any community container data Signed-off-by: Simon L. --- php/templates/containers.twig | 4 ++-- php/tests/tests/restore-instance.spec.js | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 6d50efd4..8f917380 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -163,7 +163,7 @@ {% endif %}

    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!

    -

    Please note: If the backup that you want to restore contained any community container, but you did not specify the same community containers via environmental variable while creating this new AIO instance, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

    +

    Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

    @@ -173,7 +173,7 @@ {% endfor %}

    - +
    {% endif %} {% elseif borg_backup_mode == 'restore' %} diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index 217218e5..c16f6700 100644 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -59,6 +59,10 @@ test('Restore instance', async ({ page: setupPage }) => { // Check integrity and restore backup await containersPage.getByRole('button', { name: 'Check backup integrity' }).click(); await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 }); + containersPage.once('dialog', dialog => { + console.log(`Dialog message: ${dialog.message()}`) + dialog.accept() + }); await containersPage.getByRole('button', { name: 'Restore selected backup' }).click(); await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 }); From 8d59472c3846e63f458b65e0fc78f90136abedd6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 05:16:09 +0000 Subject: [PATCH 0408/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.3.1.1 to 25.04.3.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.3.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 5fd88186..d9086cb4 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.3.1.1 +FROM collabora/code:25.04.3.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 99b54546761f69b61c9d1236373afee8087c7934 Mon Sep 17 00:00:00 2001 From: Kai Biebel <38378574+seclution@users.noreply.github.com> Date: Mon, 7 Jul 2025 09:59:34 +0200 Subject: [PATCH 0409/1064] Update reverse-proxy.md Increase timeouts to prevent connection reset on uploads >100MB in clean Traefik setup Signed-off-by: Kai Biebel <38378574+seclution@users.noreply.github.com> --- reverse-proxy.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index 84aad3d1..785e9ace 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -765,6 +765,9 @@ The examples below define the dynamic configuration in YAML files. If you rather entryPoints: https: address: ":443" # Create an entrypoint called "https" that uses port 443 + transport: + respondingTimeouts: + readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) # If you want to enable HTTP/3 support, uncomment the line below # http3: {} From 80d23c01d6e44e77a22704e507d8d11246994264 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Jul 2025 05:35:29 +0000 Subject: [PATCH 0410/1064] build(deps): bump redis in /Containers/redis Bumps redis from 7.2.9-alpine to 7.2.10-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 7.2.10-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 92f2b17c..98f3d3f0 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.9-alpine +FROM redis:7.2.10-alpine COPY --chmod=775 start.sh /start.sh From c288949b432163765c7f9a8b935e95aa073880dd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 8 Jul 2025 12:23:15 +0200 Subject: [PATCH 0411/1064] readme: add more explicit note that AIO is looking for contributors Signed-off-by: Simon L. --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index 9338ea4a..81835401 100644 --- a/readme.md +++ b/readme.md @@ -1,4 +1,8 @@ # Nextcloud All-in-One + +> [!NOTE] +> Nextcloud AIO is actively looking for contributors. See [the forum post](https://help.nextcloud.com/t/nextcloud-aio-is-looking-for-contributors/205234). + The official Nextcloud installation method. Nextcloud AIO provides easy deployment and maintenance with most features included in this one Nextcloud instance. Included are: From e07a27990a5d332d4d695d324c9a90eb4fd3b4da Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 8 Jul 2025 12:28:44 +0200 Subject: [PATCH 0412/1064] update config.yml and bug-report template Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 6 +++--- .github/ISSUE_TEMPLATE/config.yml | 5 +---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index 66681d2e..f5dd328f 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -6,9 +6,9 @@ labels: 0. Needs triage diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index bbeee846..0f14f48e 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -3,15 +3,12 @@ contact_links: - name: 📘 Documentation on Nextcloud AIO url: https://github.com/nextcloud/all-in-one#faq about: Please read the docs first before submitting any report or request! - - name: ⛑️ General questions and support + - name: ⛑️ Questions and support url: https://help.nextcloud.com/tag/aio about: For general questions, support and help - name: 💡 Suggest a new feature or discuss one url: https://github.com/nextcloud/all-in-one/discussions/categories/ideas about: For new feature requests and discussion of existing ones - - name: ❓ Questions about Nextcloud AIO - url: https://github.com/nextcloud/all-in-one/discussions/categories/questions - about: For questions specifically about AIO - name: 💼 Nextcloud Enterprise url: https://portal.nextcloud.com/ about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly From 61ed785c7201e96a25a2ab8c498c1973c6a82f23 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 8 Jul 2025 12:31:03 +0200 Subject: [PATCH 0413/1064] fix detail Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 0f14f48e..72ae238a 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -5,7 +5,7 @@ contact_links: about: Please read the docs first before submitting any report or request! - name: ⛑️ Questions and support url: https://help.nextcloud.com/tag/aio - about: For general questions, support and help + about: For questions, support and help - name: 💡 Suggest a new feature or discuss one url: https://github.com/nextcloud/all-in-one/discussions/categories/ideas about: For new feature requests and discussion of existing ones From 7961dc2fc50ec67e8ddbeeb59dc622e623554014 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 8 Jul 2025 12:03:32 +0000 Subject: [PATCH 0414/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 73b56a53..825ff024 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4504,16 +4504,16 @@ }, { "name": "vimeo/psalm", - "version": "6.12.0", + "version": "6.12.1", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "cf420941d061a57050b6c468ef2c778faf40aee2" + "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2", - "reference": "cf420941d061a57050b6c468ef2c778faf40aee2", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f", + "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f", "shasum": "" }, "require": { @@ -4618,7 +4618,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-05-28T12:52:06+00:00" + "time": "2025-07-04T09:56:28+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From aeb133e86ca7e707d3e428fd9976deb8dcdb60bd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 8 Jul 2025 15:53:30 +0200 Subject: [PATCH 0415/1064] CreateContainer: Also add `diun.enable: false` to all managed containers Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index b3560968..206bc904 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -585,7 +585,8 @@ readonly class DockerActionManager { } // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature. - $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"]; + // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels + $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"]; // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); From 3270767272bf79707eb3d3dd2eea1d058262f081 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Jul 2025 04:44:55 +0000 Subject: [PATCH 0416/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.4-alpine3.21 to 1.24.5-alpine3.21. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.5-alpine3.21 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 08cabd2c..55e2a64a 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.4-alpine3.21 AS go +FROM golang:1.24.5-alpine3.21 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From 1c41122d393c15020ff8713fe47c0c937d697182 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 9 Jul 2025 16:11:28 +0200 Subject: [PATCH 0417/1064] Bug-report-template: add link to existing feature requests Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index f5dd328f..691221d7 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -9,6 +9,7 @@ labels: 0. Needs triage - Additional documentation is available here: https://github.com/nextcloud/all-in-one/discussions/categories/wiki - You should also read through existing questions and their answer here: https://github.com/nextcloud/all-in-one/discussions/categories/questions - Additional threads can be found here: https://help.nextcloud.com/tag/aio +- Existing feature requests are listed here: https://github.com/nextcloud/all-in-one/discussions/categories/ideas ---> From 0bab98fdec083a5aad0581885d425f805722fae6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Jul 2025 04:34:58 +0000 Subject: [PATCH 0418/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.2-alpine to 3.2.3-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.3-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index bcc7ac71..b14d553b 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.2-alpine +FROM haproxy:3.2.3-alpine # hadolint ignore=DL3002 USER root From a328f56fd08498d57f1668c2dd88d85cfbf6f00e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Jul 2025 10:39:43 +0200 Subject: [PATCH 0419/1064] mastercontainer: add mountpoint check for `/var/www/docker-aio/php/containers.json` Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 9b948776..adb91c39 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -43,6 +43,11 @@ elif ! mountpoint -q "/mnt/docker-aio-config"; then echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!" echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" exit 1 +elif mountpoint -q /var/www/docker-aio/php/containers.json; then + print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!" + echo "This is a not-supported customization of the mastercontainer!" + echo "Please remove this bind-mount from the mastercontainer." + exit 1 elif ! sudo -u www-data test -r /var/run/docker.sock; then echo "Trying to fix docker.sock permissions internally..." DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock) From 1e868d4e5460ace4011a378156b9fcff7e4ef747 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 10 Jul 2025 08:49:09 +0000 Subject: [PATCH 0420/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 9b9ef61e..1fd66dc9 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.2.1 +version: 11.3.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 5751c7bf..65bcef36 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 6d2678f8..b40b4fd9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index ce2417e4..a58cc9a5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 450868ed..ee6fe5d3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 53180a99..49bf6fc6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index a452962e..6d35fd39 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 688ac9b4..af427008 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 480e046f..6c2f653b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 0b79be44..2ece813f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 4120a5f5..b461b489 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 4424d662..c55f6ee2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index e121f2e6..290d6436 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index e3734f10..7cf1b406 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250701_092737 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355 readinessProbe: exec: command: From 22d27028d161466b063e9bc8453c2adc98368d0c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Jul 2025 10:51:10 +0200 Subject: [PATCH 0421/1064] fix detail Signed-off-by: Simon L. --- php/templates/includes/optional-containers.twig | 2 -- 1 file changed, 2 deletions(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 5f5b2d97..572af5f1 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -98,7 +98,6 @@ >

    - {% if is_onlyoffice_enabled == true %}

    - {% endif %}

    Date: Thu, 10 Jul 2025 10:51:28 +0200 Subject: [PATCH 0422/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 97587907..f23327cd 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:8.3.3.1 +FROM onlyoffice/documentserver:9.0.3.1 # USER root is probably used From 78ec604a4b05c22bb39a2289636702e2b6d0b71a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Jul 2025 11:26:09 +0200 Subject: [PATCH 0423/1064] increase to 11.4.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 8f917380..a7689126 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@

    -

    Nextcloud AIO v11.3.0

    +

    Nextcloud AIO v11.4.0

    {# Add 2nd tab warning #} From 6ddcd3b1167473da1509ada3786651a68cce0357 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 10 Jul 2025 11:47:59 +0000 Subject: [PATCH 0424/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 9dbf231c..915f7239 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.6 +ENV NEXTCLOUD_VERSION=31.0.7 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 382108c971c64a971465f792fd98c675aca81f66 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 10 Jul 2025 12:03:56 +0000 Subject: [PATCH 0425/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 04ac9193..9d62923c 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -253,7 +253,7 @@ services: - "9980" environment: - aliasgroup1=https://${NC_DOMAIN}:443 - - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} - server_name=${NC_DOMAIN} From 754ab219a86a172d642e23baeb022f69b32829b6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 10 Jul 2025 15:56:42 +0200 Subject: [PATCH 0426/1064] add advice to `/var/www/docker-aio/php/containers.json` mountpoint warning Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index adb91c39..46a0eef0 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -47,6 +47,8 @@ elif mountpoint -q /var/www/docker-aio/php/containers.json; then print_red "/var/www/docker-aio/php/containers.json is a mountpoint. Cannot proceed!" echo "This is a not-supported customization of the mastercontainer!" echo "Please remove this bind-mount from the mastercontainer." + echo "If you need to customize things, feel free to use https://github.com/nextcloud/all-in-one/tree/main/manual-install" + echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml" exit 1 elif ! sudo -u www-data test -r /var/run/docker.sock; then echo "Trying to fix docker.sock permissions internally..." From 34e82410cf9dccfb74ac4644ef4b1cf8147bd85a Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Fri, 11 Jul 2025 04:20:57 +0000 Subject: [PATCH 0427/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index c2056b48..a954c812 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From 0350b9528f1c6e0cda83c919674a331088d7bc18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 11 Jul 2025 05:16:11 +0000 Subject: [PATCH 0428/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.18.2 to 8.18.3. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index ae7eee63..1d1ca4b6 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.18.2 +FROM elasticsearch:8.18.3 USER root From a28f1b9c13d785e77d8f09ee8c96d8f0760a8118 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 11 Jul 2025 16:14:58 +0200 Subject: [PATCH 0429/1064] mastercontainer: add check for http proxy variables Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index adb91c39..b356f1c0 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -37,6 +37,7 @@ if ! [ -a "/var/run/docker.sock" ]; then print_red "Docker socket is not available. Cannot continue." echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!" echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install." + echo "And https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml" exit 1 elif ! mountpoint -q "/mnt/docker-aio-config"; then print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!" @@ -274,6 +275,7 @@ if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then echo "Most likely is something blocking access to it." echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html" echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install" + echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml" exit 1 fi @@ -284,6 +286,13 @@ if [ -n "$TZ" ]; then # Disable exit since it seems to be by default set on unraid and we dont want to break these instances # exit 1 fi +# Check that http proxy or no_proxy variable is not set which AIO does not support +if [ -n "$HTTP_PROXY" ] || [ -n "$http_proxy" ] || [ -n "$HTTPS_PROXY" ] || [ -n "$https_proxy" ] || [ -n "$NO_PROXY" ] || [ -n "$no_proxy" ]; then + print_red "The environmental variable HTTP_PROXY, http_proxy, HTTPS_PROXY, https_proxy, NO_PROXY or no_proxy has been set which is not supported by AIO." + echo "If you need this, then you should use https://github.com/nextcloud/all-in-one/tree/main/manual-install" + echo "See https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml" + exit 1 +fi if mountpoint -q /etc/localtime; then print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!" echo "The correct timezone can be set in the AIO interface later on!" From e6e93701c310d6826b00435e1ad3fac6d1715328 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Jul 2025 06:14:44 +0000 Subject: [PATCH 0430/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.3.1-cli to 28.3.2-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.3.2-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 663b7a30..685d92d5 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.3.1-cli AS docker +FROM docker:28.3.2-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From ccb06b3525a4ce1d0b94f706873e50e3f9690c83 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 14 Jul 2025 12:03:40 +0000 Subject: [PATCH 0431/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 825ff024..98146e2f 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3563,16 +3563,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.1.0", + "version": "2.2.0", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68" + "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/9b30d6fd026b2c132b3985ce6b23bec09ab3aa68", - "reference": "9b30d6fd026b2c132b3985ce6b23bec09ab3aa68", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8", + "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8", "shasum": "" }, "require": { @@ -3604,9 +3604,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.1.0" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0" }, - "time": "2025-02-19T13:28:12+00:00" + "time": "2025-07-13T07:04:09+00:00" }, { "name": "revolt/event-loop", @@ -4504,16 +4504,16 @@ }, { "name": "vimeo/psalm", - "version": "6.12.1", + "version": "6.13.0", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f" + "reference": "70cdf647255a1362b426bb0f522a85817b8c791c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/e71404b0465be25cf7f8a631b298c01c5ddd864f", - "reference": "e71404b0465be25cf7f8a631b298c01c5ddd864f", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c", + "reference": "70cdf647255a1362b426bb0f522a85817b8c791c", "shasum": "" }, "require": { @@ -4618,7 +4618,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-07-04T09:56:28+00:00" + "time": "2025-07-14T09:59:17+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From e6ac9ad4f8b6cae1bfeddee2bccd8714574a31f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:51:48 +0000 Subject: [PATCH 0432/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/alpine Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 8d180272..429485b3 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a From 74ce18856fd3a5bc6eb8d43b29a12acbce3355dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:51:54 +0000 Subject: [PATCH 0433/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/borgbackup Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/borgbackup/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 70d2ea11..74d87f45 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ \ From 3b3dc1dcce1a210f8b50356b71cd4deb555a9c86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:51:57 +0000 Subject: [PATCH 0434/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/clamav Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 2b7bd30b..d00e34a7 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ From cc8414250f7665c0780d842827e3d194a7354c82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:52:03 +0000 Subject: [PATCH 0435/1064] build(deps): bump alpine in /Containers/domaincheck Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/domaincheck/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index 9b248e39..99ae1184 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash lighttpd netcat-openbsd; \ From 93d3e9e601a7694e10f9c90755c6afc23716cfd3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:52:07 +0000 Subject: [PATCH 0436/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/imaginary Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 55e2a64a..4fd508e5 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -14,7 +14,7 @@ RUN set -ex; \ build-base; \ go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ From 235f190020b9255c971422ac79026971f84a7d20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:52:39 +0000 Subject: [PATCH 0437/1064] build(deps): bump alpine in /Containers/notify-push Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/notify-push/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 18cbc0c4..8138582d 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.21.3 +FROM alpine:3.22.1 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 7da05ca65bb0691f103be5a2118b47d3f99334c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:52:47 +0000 Subject: [PATCH 0438/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/talk Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 67bb7e61..00560697 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -2,7 +2,7 @@ FROM nats:2.11.6-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling -FROM alpine:3.21.3 AS janus +FROM alpine:3.22.1 AS janus ARG JANUS_VERSION=v1.3.1 WORKDIR /src @@ -35,7 +35,7 @@ RUN set -ex; \ make configs; \ rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample -FROM alpine:3.21.3 +FROM alpine:3.22.1 ENV ETURNAL_ETC_DIR="/conf" ENV SKIP_CERT_VERIFY=false COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local From 2973eb7fc822732cf3738c3d83063580404c3935 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 04:53:03 +0000 Subject: [PATCH 0439/1064] build(deps): bump alpine from 3.21.3 to 3.22.1 in /Containers/watchtower Bumps alpine from 3.21.3 to 3.22.1. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 76cfd60f..63ac8163 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower -FROM alpine:3.21.3 +FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ From 6463a2b04f63591993d0731f3c39a17a213b2e4a Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 17 Jul 2025 09:23:52 +0000 Subject: [PATCH 0440/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 1fd66dc9..7bf3cdaa 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.3.0 +version: 11.4.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 65bcef36..1d60880b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index b40b4fd9..df4d25d5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index a58cc9a5..ffb12a71 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -32,10 +32,10 @@ spec: - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params - value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index ee6fe5d3..2fd6db2d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 49bf6fc6..8a46606f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 6d35fd39..8877f8c4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index af427008..bbb343e5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 command: - chmod - "777" @@ -182,7 +182,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 6c2f653b..b1d771a1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 2ece813f..3ff8701a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index b461b489..334b1a5d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index c55f6ee2..efb9dab4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 290d6436..c4d09e8f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 7cf1b406..6d1f7d10 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250710_082355 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710 readinessProbe: exec: command: From b2a839a209a27c95b68125433c0021fc3d511f46 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Jul 2025 11:57:35 +0200 Subject: [PATCH 0441/1064] update remaining images and docs to alpine v3.22 Signed-off-by: Simon L. --- Containers/apache/Dockerfile | 2 +- Containers/imaginary/Dockerfile | 4 ++-- Containers/mastercontainer/Dockerfile | 4 ++-- Containers/nextcloud/Dockerfile | 2 +- Containers/postgresql/Dockerfile | 2 +- Containers/talk-recording/Dockerfile | 2 +- readme.md | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 615aeca4..bf342dca 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.63-alpine3.21 +FROM httpd:2.4.63-alpine3.22 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 4fd508e5..ddbbe6d1 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.5-alpine3.21 AS go +FROM golang:1.24.5-alpine3.22 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ apk upgrade --no-cache -a; \ diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 685d92d5..852ea63d 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -5,8 +5,8 @@ FROM docker:28.3.2-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy -# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile -FROM php:8.4.10-fpm-alpine3.21 +# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile +FROM php:8.4.10-fpm-alpine3.22 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git" ARG AIO_GIT_BRANCH="main" diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 915f7239..10f3057d 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.23-fpm-alpine3.21 +FROM php:8.3.23-fpm-alpine3.22 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 36394b05..b29739d7 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile +# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile FROM postgres:17.5-alpine COPY --chmod=775 start.sh /start.sh diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index 634a5de3..ea3f77f8 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.5-alpine3.21 +FROM python:3.13.5-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh diff --git a/readme.md b/readme.md index 81835401..9dc1aab5 100644 --- a/readme.md +++ b/readme.md @@ -449,7 +449,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st ### How to add OS packages permanently to the Nextcloud container? Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. ### How to add PHP extensions permanently to the Nextcloud container? Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. From e1408dc76ebb5d52a856a52b9c317bfef7b37af1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Jul 2025 13:57:18 +0200 Subject: [PATCH 0442/1064] adjust the naming of variables Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 70e44984..1575fac1 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -835,7 +835,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then php /var/www/html/occ app:update files_fulltextsearch fi php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}' - php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXT_PORT\",\"elastic_index\":\"$FULLTEXT_INDEX\"}" + php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}" php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}" # Do the index From 64539d5b5cd8da8f43136fc3b268780f04ac451f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 17 Jul 2025 12:03:42 +0000 Subject: [PATCH 0443/1064] imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index ddbbe6d1..e53f1b02 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.24.5-alpine3.22 AS go -ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 +ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 RUN set -ex; \ apk upgrade --no-cache -a; \ From 2792994cc48142b3b6b371b60abb49209675a2ee Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 17 Jul 2025 12:04:56 +0000 Subject: [PATCH 0444/1064] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 00560697..e34d9c1d 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.22.1 AS janus -ARG JANUS_VERSION=v1.3.1 +ARG JANUS_VERSION=v1.3.2 WORKDIR /src RUN set -ex; \ apk upgrade --no-cache -a; \ From f5023ed88dd5e18c4de7e64d3c2c646c5b34ac18 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Thu, 19 Jun 2025 18:12:36 -0700 Subject: [PATCH 0445/1064] Factor out getPlaceholderValue from CreateContainer Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 317 +++++++++++++------------ 1 file changed, 160 insertions(+), 157 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 206bc904..e3c7456f 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -253,163 +253,7 @@ readonly class DockerActionManager { if (preg_match($patterns[0], $env, $out) === 1) { $replacements = array(); - - if ($out[1] === 'NC_DOMAIN') { - $replacements[1] = $this->configurationManager->GetDomain(); - } elseif ($out[1] === 'NC_BASE_DN') { - $replacements[1] = $this->configurationManager->GetBaseDN(); - } elseif ($out[1] === 'AIO_TOKEN') { - $replacements[1] = $this->configurationManager->GetToken(); - } elseif ($out[1] === 'BORGBACKUP_REMOTE_REPO') { - $replacements[1] = $this->configurationManager->GetBorgRemoteRepo(); - } elseif ($out[1] === 'BORGBACKUP_MODE') { - $replacements[1] = $this->configurationManager->GetBackupMode(); - } elseif ($out[1] === 'AIO_URL') { - $replacements[1] = $this->configurationManager->GetAIOURL(); - } elseif ($out[1] === 'SELECTED_RESTORE_TIME') { - $replacements[1] = $this->configurationManager->GetSelectedRestoreTime(); - } elseif ($out[1] === 'RESTORE_EXCLUDE_PREVIEWS') { - $replacements[1] = $this->configurationManager->GetRestoreExcludePreviews(); - } elseif ($out[1] === 'APACHE_PORT') { - $replacements[1] = $this->configurationManager->GetApachePort(); - } elseif ($out[1] === 'TALK_PORT') { - $replacements[1] = $this->configurationManager->GetTalkPort(); - } elseif ($out[1] === 'NEXTCLOUD_MOUNT') { - $replacements[1] = $this->configurationManager->GetNextcloudMount(); - } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') { - $replacements[1] = $this->configurationManager->GetBorgRestorePassword(); - } elseif ($out[1] === 'CLAMAV_ENABLED') { - if ($this->configurationManager->isClamavEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'TALK_RECORDING_ENABLED') { - if ($this->configurationManager->isTalkRecordingEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'ONLYOFFICE_ENABLED') { - if ($this->configurationManager->isOnlyofficeEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'COLLABORA_ENABLED') { - if ($this->configurationManager->isCollaboraEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'TALK_ENABLED') { - if ($this->configurationManager->isTalkEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') { - if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'TIMEZONE') { - if ($this->configurationManager->GetTimezone() === '') { - $replacements[1] = 'Etc/UTC'; - } else { - $replacements[1] = $this->configurationManager->GetTimezone(); - } - } elseif ($out[1] === 'COLLABORA_DICTIONARIES') { - if ($this->configurationManager->GetCollaboraDictionaries() === '') { - $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru'; - } else { - $replacements[1] = $this->configurationManager->GetCollaboraDictionaries(); - } - } elseif ($out[1] === 'IMAGINARY_ENABLED') { - if ($this->configurationManager->isImaginaryEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'FULLTEXTSEARCH_ENABLED') { - if ($this->configurationManager->isFulltextsearchEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'DOCKER_SOCKET_PROXY_ENABLED') { - if ($this->configurationManager->isDockerSocketProxyEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') { - $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit(); - } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') { - $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit(); - } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') { - $replacements[1] = $this->configurationManager->GetNextcloudMaxTime(); - } elseif ($out[1] === 'BORG_RETENTION_POLICY') { - $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy(); - } elseif ($out[1] === 'FULLTEXTSEARCH_JAVA_OPTIONS') { - $replacements[1] = $this->configurationManager->GetFulltextsearchJavaOptions(); - } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') { - $replacements[1] = $this->configurationManager->GetTrustedCacertsDir(); - } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') { - if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') { - $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation(); - } elseif ($out[1] === 'APACHE_MAX_SIZE') { - $replacements[1] = $this->configurationManager->GetApacheMaxSize(); - } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') { - $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy(); - } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') { - $replacements[1] = $this->configurationManager->GetNextcloudStartupApps(); - } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') { - $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks(); - } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') { - $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions(); - } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') { - if ($this->configurationManager->shouldLatestMajorGetInstalled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } elseif ($out[1] === 'REMOVE_DISABLED_APPS') { - if ($this->configurationManager->shouldDisabledAppsGetRemoved()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) - } elseif ($out[1] === 'AIO_DATABASE_HOST') { - $replacements[1] = gethostbyname('nextcloud-aio-database'); - // Allow to get local ip-address of caddy container and add it to trusted proxies automatically - } elseif ($out[1] === 'CADDY_IP_ADDRESS') { - $replacements[1] = ''; - $communityContainers = $this->configurationManager->GetEnabledCommunityContainers(); - if (in_array('caddy', $communityContainers, true)) { - $replacements[1] = gethostbyname('nextcloud-aio-caddy'); - } - } elseif ($out[1] === 'WHITEBOARD_ENABLED') { - if ($this->configurationManager->isWhiteboardEnabled()) { - $replacements[1] = 'yes'; - } else { - $replacements[1] = ''; - } - } else { - $secret = $this->configurationManager->GetSecret($out[1]); - if ($secret === "") { - throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); - } - $replacements[1] = $secret; - } - + $replacements[1] = $this->getPlaceholderValue($out[1]); $envs[$key] = preg_replace($patterns, $replacements, $env); } } @@ -644,6 +488,165 @@ readonly class DockerActionManager { } } + private function getPlaceholderValue($placeholder) { + if ($placeholder === 'NC_DOMAIN') { + return $this->configurationManager->GetDomain(); + } elseif ($placeholder === 'NC_BASE_DN') { + return $this->configurationManager->GetBaseDN(); + } elseif ($placeholder === 'AIO_TOKEN') { + return $this->configurationManager->GetToken(); + } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') { + return $this->configurationManager->GetBorgRemoteRepo(); + } elseif ($placeholder === 'BORGBACKUP_MODE') { + return $this->configurationManager->GetBackupMode(); + } elseif ($placeholder === 'AIO_URL') { + return $this->configurationManager->GetAIOURL(); + } elseif ($placeholder === 'SELECTED_RESTORE_TIME') { + return $this->configurationManager->GetSelectedRestoreTime(); + } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') { + return $this->configurationManager->GetRestoreExcludePreviews(); + } elseif ($placeholder === 'APACHE_PORT') { + return $this->configurationManager->GetApachePort(); + } elseif ($placeholder === 'TALK_PORT') { + return $this->configurationManager->GetTalkPort(); + } elseif ($placeholder === 'NEXTCLOUD_MOUNT') { + return $this->configurationManager->GetNextcloudMount(); + } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') { + return $this->configurationManager->GetBorgRestorePassword(); + } elseif ($placeholder === 'CLAMAV_ENABLED') { + if ($this->configurationManager->isClamavEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'TALK_RECORDING_ENABLED') { + if ($this->configurationManager->isTalkRecordingEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'ONLYOFFICE_ENABLED') { + if ($this->configurationManager->isOnlyofficeEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'COLLABORA_ENABLED') { + if ($this->configurationManager->isCollaboraEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'TALK_ENABLED') { + if ($this->configurationManager->isTalkEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') { + if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'TIMEZONE') { + if ($this->configurationManager->GetTimezone() === '') { + return 'Etc/UTC'; + } else { + return $this->configurationManager->GetTimezone(); + } + } elseif ($placeholder === 'COLLABORA_DICTIONARIES') { + if ($this->configurationManager->GetCollaboraDictionaries() === '') { + return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru'; + } else { + return $this->configurationManager->GetCollaboraDictionaries(); + } + } elseif ($placeholder === 'IMAGINARY_ENABLED') { + if ($this->configurationManager->isImaginaryEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') { + if ($this->configurationManager->isFulltextsearchEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') { + if ($this->configurationManager->isDockerSocketProxyEnabled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') { + return $this->configurationManager->GetNextcloudUploadLimit(); + } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') { + return $this->configurationManager->GetNextcloudMemoryLimit(); + } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') { + return $this->configurationManager->GetNextcloudMaxTime(); + } elseif ($placeholder === 'BORG_RETENTION_POLICY') { + return $this->configurationManager->GetBorgRetentionPolicy(); + } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') { + return $this->configurationManager->GetFulltextsearchJavaOptions(); + } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') { + return $this->configurationManager->GetTrustedCacertsDir(); + } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') { + if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') { + return $this->configurationManager->GetBorgBackupHostLocation(); + } elseif ($placeholder === 'APACHE_MAX_SIZE') { + return $this->configurationManager->GetApacheMaxSize(); + } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') { + return $this->configurationManager->GetCollaboraSeccompPolicy(); + } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') { + return $this->configurationManager->GetNextcloudStartupApps(); + } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') { + return $this->configurationManager->GetNextcloudAdditionalApks(); + } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') { + return $this->configurationManager->GetNextcloudAdditionalPhpExtensions(); + } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') { + if ($this->configurationManager->shouldLatestMajorGetInstalled()) { + return 'yes'; + } else { + return ''; + } + } elseif ($placeholder === 'REMOVE_DISABLED_APPS') { + if ($this->configurationManager->shouldDisabledAppsGetRemoved()) { + return 'yes'; + } else { + return ''; + } + // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) + } elseif ($placeholder === 'AIO_DATABASE_HOST') { + return gethostbyname('nextcloud-aio-database'); + // Allow to get local ip-address of caddy container and add it to trusted proxies automatically + } elseif ($placeholder === 'CADDY_IP_ADDRESS') { + $communityContainers = $this->configurationManager->GetEnabledCommunityContainers(); + if (in_array('caddy', $communityContainers, true)) { + return gethostbyname('nextcloud-aio-caddy'); + } else { + return ''; + } + } elseif ($placeholder === 'WHITEBOARD_ENABLED') { + if ($this->configurationManager->isWhiteboardEnabled()) { + return 'yes'; + } else { + return ''; + } + } else { + $secret = $this->configurationManager->GetSecret($placeholder); + if ($secret === "") { + throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); + } + return $secret; + } + } + private function isContainerUpdateAvailable(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); From 026707240f37568a614091f1d5d17f3822b48904 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Thu, 19 Jun 2025 18:14:31 -0700 Subject: [PATCH 0446/1064] Support multiple placeholders in ENV values in containers.json Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 41 ++++++++++++++++---------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e3c7456f..b43e7a8c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -240,22 +240,7 @@ readonly class DockerActionManager { $envs[] = $this->GetAllNextcloudExecCommands(); } foreach ($envs as $key => $env) { - // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs - if (str_starts_with($env, 'extra_params=')) { - $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env); - $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env); - $envs[$key] = $env; - continue; - } - - // Original implementation - $patterns = ['/%(.*)%/']; - - if (preg_match($patterns[0], $env, $out) === 1) { - $replacements = array(); - $replacements[1] = $this->getPlaceholderValue($out[1]); - $envs[$key] = preg_replace($patterns, $replacements, $env); - } + $envs[$key] = $this->replaceEnvPlaceholders($env); } if (count($envs) > 0) { @@ -488,6 +473,30 @@ readonly class DockerActionManager { } } + // Replaces placeholders in $envValue with their values. + // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000" + private function replaceEnvPlaceholders($envValue) { + // $pattern breaks down as: + // % - matches a literal percent sign + // ([^%]+) - capture group that matches one or more characters that are NOT percent signs + // % - matches the closing percent sign + // + // Assumes literal percent signs are always matched and there is no + // escaping. + $pattern = '/%([^%]+)%/'; + $matchCount = preg_match_all($pattern, $envValue, $matches); + if ($matchCount > 0) { + $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] + $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] + $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/'; + $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...] + $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] + $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue); + return $result; + } + return $envValue; + } + private function getPlaceholderValue($placeholder) { if ($placeholder === 'NC_DOMAIN') { return $this->configurationManager->GetDomain(); From d374fd2c1c9788205e2d6b1635b9daa683e1f7b1 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Thu, 19 Jun 2025 17:49:42 -0700 Subject: [PATCH 0447/1064] Refactor getPlaceholderValue to use `match` Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 204 +++++++------------------ 1 file changed, 51 insertions(+), 153 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index b43e7a8c..35da8663 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -498,162 +498,60 @@ readonly class DockerActionManager { } private function getPlaceholderValue($placeholder) { - if ($placeholder === 'NC_DOMAIN') { - return $this->configurationManager->GetDomain(); - } elseif ($placeholder === 'NC_BASE_DN') { - return $this->configurationManager->GetBaseDN(); - } elseif ($placeholder === 'AIO_TOKEN') { - return $this->configurationManager->GetToken(); - } elseif ($placeholder === 'BORGBACKUP_REMOTE_REPO') { - return $this->configurationManager->GetBorgRemoteRepo(); - } elseif ($placeholder === 'BORGBACKUP_MODE') { - return $this->configurationManager->GetBackupMode(); - } elseif ($placeholder === 'AIO_URL') { - return $this->configurationManager->GetAIOURL(); - } elseif ($placeholder === 'SELECTED_RESTORE_TIME') { - return $this->configurationManager->GetSelectedRestoreTime(); - } elseif ($placeholder === 'RESTORE_EXCLUDE_PREVIEWS') { - return $this->configurationManager->GetRestoreExcludePreviews(); - } elseif ($placeholder === 'APACHE_PORT') { - return $this->configurationManager->GetApachePort(); - } elseif ($placeholder === 'TALK_PORT') { - return $this->configurationManager->GetTalkPort(); - } elseif ($placeholder === 'NEXTCLOUD_MOUNT') { - return $this->configurationManager->GetNextcloudMount(); - } elseif ($placeholder === 'BACKUP_RESTORE_PASSWORD') { - return $this->configurationManager->GetBorgRestorePassword(); - } elseif ($placeholder === 'CLAMAV_ENABLED') { - if ($this->configurationManager->isClamavEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'TALK_RECORDING_ENABLED') { - if ($this->configurationManager->isTalkRecordingEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'ONLYOFFICE_ENABLED') { - if ($this->configurationManager->isOnlyofficeEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'COLLABORA_ENABLED') { - if ($this->configurationManager->isCollaboraEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'TALK_ENABLED') { - if ($this->configurationManager->isTalkEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'UPDATE_NEXTCLOUD_APPS') { - if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'TIMEZONE') { - if ($this->configurationManager->GetTimezone() === '') { - return 'Etc/UTC'; - } else { - return $this->configurationManager->GetTimezone(); - } - } elseif ($placeholder === 'COLLABORA_DICTIONARIES') { - if ($this->configurationManager->GetCollaboraDictionaries() === '') { - return 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru'; - } else { - return $this->configurationManager->GetCollaboraDictionaries(); - } - } elseif ($placeholder === 'IMAGINARY_ENABLED') { - if ($this->configurationManager->isImaginaryEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'FULLTEXTSEARCH_ENABLED') { - if ($this->configurationManager->isFulltextsearchEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'DOCKER_SOCKET_PROXY_ENABLED') { - if ($this->configurationManager->isDockerSocketProxyEnabled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'NEXTCLOUD_UPLOAD_LIMIT') { - return $this->configurationManager->GetNextcloudUploadLimit(); - } elseif ($placeholder === 'NEXTCLOUD_MEMORY_LIMIT') { - return $this->configurationManager->GetNextcloudMemoryLimit(); - } elseif ($placeholder === 'NEXTCLOUD_MAX_TIME') { - return $this->configurationManager->GetNextcloudMaxTime(); - } elseif ($placeholder === 'BORG_RETENTION_POLICY') { - return $this->configurationManager->GetBorgRetentionPolicy(); - } elseif ($placeholder === 'FULLTEXTSEARCH_JAVA_OPTIONS') { - return $this->configurationManager->GetFulltextsearchJavaOptions(); - } elseif ($placeholder === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') { - return $this->configurationManager->GetTrustedCacertsDir(); - } elseif ($placeholder === 'ADDITIONAL_DIRECTORIES_BACKUP') { - if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'BORGBACKUP_HOST_LOCATION') { - return $this->configurationManager->GetBorgBackupHostLocation(); - } elseif ($placeholder === 'APACHE_MAX_SIZE') { - return $this->configurationManager->GetApacheMaxSize(); - } elseif ($placeholder === 'COLLABORA_SECCOMP_POLICY') { - return $this->configurationManager->GetCollaboraSeccompPolicy(); - } elseif ($placeholder === 'NEXTCLOUD_STARTUP_APPS') { - return $this->configurationManager->GetNextcloudStartupApps(); - } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_APKS') { - return $this->configurationManager->GetNextcloudAdditionalApks(); - } elseif ($placeholder === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') { - return $this->configurationManager->GetNextcloudAdditionalPhpExtensions(); - } elseif ($placeholder === 'INSTALL_LATEST_MAJOR') { - if ($this->configurationManager->shouldLatestMajorGetInstalled()) { - return 'yes'; - } else { - return ''; - } - } elseif ($placeholder === 'REMOVE_DISABLED_APPS') { - if ($this->configurationManager->shouldDisabledAppsGetRemoved()) { - return 'yes'; - } else { - return ''; - } + return match ($placeholder) { + 'NC_DOMAIN' => $this->configurationManager->GetDomain(), + 'NC_BASE_DN' => $this->configurationManager->GetBaseDN(), + 'AIO_TOKEN' => $this->configurationManager->GetToken(), + 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(), + 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), + 'AIO_URL' => $this->configurationManager->GetAIOURL(), + 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), + 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), + 'APACHE_PORT' => $this->configurationManager->GetApachePort(), + 'TALK_PORT' => $this->configurationManager->GetTalkPort(), + 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), + 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), + 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '', + 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', + 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '', + 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '', + 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '', + 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', + 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), + 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), + 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '', + 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '', + 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled() ? 'yes' : '', + 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(), + 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(), + 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(), + 'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(), + 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(), + 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(), + 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', + 'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(), + 'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(), + 'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(), + 'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(), + 'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(), + 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(), + 'INSTALL_LATEST_MAJOR' => $this->configurationManager->shouldLatestMajorGetInstalled() ? 'yes' : '', + 'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) - } elseif ($placeholder === 'AIO_DATABASE_HOST') { - return gethostbyname('nextcloud-aio-database'); + 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), // Allow to get local ip-address of caddy container and add it to trusted proxies automatically - } elseif ($placeholder === 'CADDY_IP_ADDRESS') { - $communityContainers = $this->configurationManager->GetEnabledCommunityContainers(); - if (in_array('caddy', $communityContainers, true)) { - return gethostbyname('nextcloud-aio-caddy'); - } else { - return ''; - } - } elseif ($placeholder === 'WHITEBOARD_ENABLED') { - if ($this->configurationManager->isWhiteboardEnabled()) { - return 'yes'; - } else { - return ''; - } - } else { - $secret = $this->configurationManager->GetSecret($placeholder); - if ($secret === "") { - throw new \Exception("The secret " . $placeholder . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); - } - return $secret; + 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '', + 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '', + default => $this->getSecretOrThrow($placeholder), + }; + } + + private function getSecretOrThrow($secretName) { + $secret = $this->configurationManager->GetSecret($secretName); + if ($secret === "") { + throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); } + return $secret; } private function isContainerUpdateAvailable(string $id): string { From 0f858dc3fe3738d5d5c0c93053197debb0cfc5c8 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Fri, 20 Jun 2025 20:32:26 +0000 Subject: [PATCH 0448/1064] Fix psalm errors in DockerActionManager env handling code Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 35da8663..5e113072 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -475,7 +475,7 @@ readonly class DockerActionManager { // Replaces placeholders in $envValue with their values. // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000" - private function replaceEnvPlaceholders($envValue) { + private function replaceEnvPlaceholders(string $envValue): string { // $pattern breaks down as: // % - matches a literal percent sign // ([^%]+) - capture group that matches one or more characters that are NOT percent signs @@ -488,16 +488,17 @@ readonly class DockerActionManager { if ($matchCount > 0) { $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] - $placeholderToPattern = fn($placeholder) => '/' . $placeholder . '/'; + $placeholderToPattern = fn(string $p): string => '/' . $p . '/'; $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...] $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] - $result = preg_replace($placeholderPatterns, $placeholderValues, $envValue); + // Guaranteed to be non-null because we found the placeholders in the preg_match_all. + $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); return $result; } return $envValue; } - private function getPlaceholderValue($placeholder) { + private function getPlaceholderValue(string $placeholder) : string { return match ($placeholder) { 'NC_DOMAIN' => $this->configurationManager->GetDomain(), 'NC_BASE_DN' => $this->configurationManager->GetBaseDN(), @@ -530,7 +531,7 @@ readonly class DockerActionManager { 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(), 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', 'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(), - 'APACHE_MAX_SIZE' => $this->configurationManager->GetApacheMaxSize(), + 'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()), 'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(), 'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(), @@ -546,7 +547,7 @@ readonly class DockerActionManager { }; } - private function getSecretOrThrow($secretName) { + private function getSecretOrThrow(string $secretName): string { $secret = $this->configurationManager->GetSecret($secretName); if ($secret === "") { throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); From 0b929d74de9b42ddc0c3e9ad1cd06ea8473aa3a0 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Mon, 23 Jun 2025 14:57:34 +0000 Subject: [PATCH 0449/1064] Use guard clause in replaceEnvPlaceholders to reduce indentation Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 5e113072..3667294c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -485,17 +485,18 @@ readonly class DockerActionManager { // escaping. $pattern = '/%([^%]+)%/'; $matchCount = preg_match_all($pattern, $envValue, $matches); - if ($matchCount > 0) { - $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] - $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] - $placeholderToPattern = fn(string $p): string => '/' . $p . '/'; - $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...] - $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] - // Guaranteed to be non-null because we found the placeholders in the preg_match_all. - $result = (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); - return $result; + + if ($matchCount === 0) { + return $envValue; } - return $envValue; + + $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] + $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] + $placeholderToPattern = fn(string $p): string => '/' . $p . '/'; + $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...] + $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] + // Guaranteed to be non-null because we found the placeholders in the preg_match_all. + return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); } private function getPlaceholderValue(string $placeholder) : string { From f81d22cf930b5cc6bdf25b8dea9f608179912cc3 Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Mon, 23 Jun 2025 15:05:19 +0000 Subject: [PATCH 0450/1064] Inline placeholderToPattern and use preg_quote Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 3667294c..8072b2fc 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -492,8 +492,7 @@ readonly class DockerActionManager { $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] - $placeholderToPattern = fn(string $p): string => '/' . $p . '/'; - $placeholderPatterns = array_map($placeholderToPattern, $placeholders); // ["/%PLACEHOLDER1%/", ...] + $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...] $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] // Guaranteed to be non-null because we found the placeholders in the preg_match_all. return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); From f7d158c6322571116bd4d62d36b6706da1af560e Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Mon, 23 Jun 2025 15:05:43 +0000 Subject: [PATCH 0451/1064] Use modern callable syntax for $placeholderValues array_map Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 8072b2fc..0ccdcf58 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -493,7 +493,7 @@ readonly class DockerActionManager { $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...] - $placeholderValues = array_map([$this, 'getPlaceholderValue'], $placeholderNames); // ["val1", "val2"] + $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"] // Guaranteed to be non-null because we found the placeholders in the preg_match_all. return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); } From 1ce5430f77f59097f78f2e7069e0d395085dada2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Jul 2025 14:16:43 +0200 Subject: [PATCH 0452/1064] increase to 11.5.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index a7689126..9eb25002 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.4.0

    +

    Nextcloud AIO v11.5.0

    {# Add 2nd tab warning #} From c8f76e067a4d6bf76169e43aa4ec0ed6c5142de9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 17 Jul 2025 15:04:57 +0200 Subject: [PATCH 0453/1064] fulltextsearch: adjust default log level to Warn Signed-off-by: Simon L. --- php/containers.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index f83fa242..c9d57466 100644 --- a/php/containers.json +++ b/php/containers.json @@ -795,7 +795,7 @@ "bootstrap.memory_lock=true", "cluster.name=nextcloud-aio", "discovery.type=single-node", - "logger.org.elasticsearch.discovery=WARN", + "logger.level=WARN", "http.port=9200", "xpack.license.self_generated.type=basic", "xpack.security.enabled=false", From d6e5bcc0aca7c3a4ed46eb94d2f1cfc83110db5e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Jul 2025 04:49:37 +0000 Subject: [PATCH 0454/1064] build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.63-alpine3.22 to 2.4.64-alpine3.22. --- updated-dependencies: - dependency-name: httpd dependency-version: 2.4.64-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index bf342dca..ad6bbd14 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.63-alpine3.22 +FROM httpd:2.4.64-alpine3.22 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy From ed460405f234bc320774007707dd34ef5d63e0ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Jul 2025 04:49:45 +0000 Subject: [PATCH 0455/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.3.2.1 to 25.04.4.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.4.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index d9086cb4..84e8a63f 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.3.2.1 +FROM collabora/code:25.04.4.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 5f0e63a752f58c08e40629965cbb4de3910ba5bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 18 Jul 2025 04:50:35 +0000 Subject: [PATCH 0456/1064] build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: 1.11.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 63ac8163..da2af750 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower +FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower FROM alpine:3.22.1 From 2757630c41021f78804014d8bee02de06b6c902b Mon Sep 17 00:00:00 2001 From: Felix Stupp Date: Tue, 15 Jul 2025 09:12:04 +0000 Subject: [PATCH 0457/1064] add hint to UI about SSH pubkey for remote backups Signed-off-by: Felix Stupp --- php/templates/containers.twig | 1 + 1 file changed, 1 insertion(+) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 9eb25002..2c63f491 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -371,6 +371,7 @@

    To store backups remotely instead, fill in the remote borg repo url and submit it. + You will be provided with an SSH public key for authorization at the remote afterwards.


    From 1adfac39fc57e724f8a4cb58bfd29ffe0eb52c8b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 18 Jul 2025 12:04:09 +0000 Subject: [PATCH 0458/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index f61f8c40..2ed51c59 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -440,7 +440,7 @@ services: - bootstrap.memory_lock=true - cluster.name=nextcloud-aio - discovery.type=single-node - - logger.org.elasticsearch.discovery=WARN + - logger.level=WARN - http.port=9200 - xpack.license.self_generated.type=basic - xpack.security.enabled=false From 78e9466877b29322ae511f913bf6c768b5295877 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Sat, 19 Jul 2025 04:16:11 +0000 Subject: [PATCH 0459/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index a954c812..516a92aa 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From 834d3b36cdfb38aa1c78b4005f8679ae3c4590da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Jul 2025 05:02:17 +0000 Subject: [PATCH 0460/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.18.3 to 8.18.4. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.18.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 1d1ca4b6..71434410 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.18.3 +FROM elasticsearch:8.18.4 USER root From 7fffb1840f2f208401dcef83dc672363a229f5dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Jul 2025 05:11:15 +0000 Subject: [PATCH 0461/1064] build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.64-alpine3.22 to 2.4.65-alpine3.22. --- updated-dependencies: - dependency-name: httpd dependency-version: 2.4.65-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index ad6bbd14..58e2ae05 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.64-alpine3.22 +FROM httpd:2.4.65-alpine3.22 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy From 99117072ce5b568d65df5aa7671f1e7c25f29661 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Jul 2025 13:40:49 +0200 Subject: [PATCH 0462/1064] nextcloud: allow to configure custom appstoreurl Signed-off-by: Simon L. --- Containers/nextcloud/config/apps.config.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containers/nextcloud/config/apps.config.php b/Containers/nextcloud/config/apps.config.php index c890e787..99bf5e40 100644 --- a/Containers/nextcloud/config/apps.config.php +++ b/Containers/nextcloud/config/apps.config.php @@ -16,3 +16,6 @@ $CONFIG = array ( if (getenv('APPS_ALLOWLIST')) { $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST')); } +if (getenv('NEXTCLOUD_APP_STORE_URL')) { + $CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL'); +} From adeee71982a3686cb8441a8d5ea9d2b1fc0d488b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 24 Jul 2025 10:36:27 +0200 Subject: [PATCH 0463/1064] PerformRecursiveContainerStop: Fix the stop order Signed-off-by: Simon L. --- php/containers.json | 4 ++-- php/src/Controller/DockerController.php | 15 +++++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/php/containers.json b/php/containers.json index c9d57466..5c15c079 100644 --- a/php/containers.json +++ b/php/containers.json @@ -8,9 +8,9 @@ "nextcloud-aio-onlyoffice", "nextcloud-aio-collabora", "nextcloud-aio-talk", - "nextcloud-aio-nextcloud", "nextcloud-aio-notify-push", - "nextcloud-aio-whiteboard" + "nextcloud-aio-whiteboard", + "nextcloud-aio-nextcloud" ], "display_name": "Apache", "image": "ghcr.io/nextcloud-releases/aio-apache", diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 13e8bdda..e8f9d591 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -22,6 +22,7 @@ readonly class DockerController { private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void { $container = $this->containerDefinitionFetcher->GetContainerById($id); + // Start all dependencies first and then itself foreach($container->GetDependsOn() as $dependency) { $this->PerformRecursiveContainerStart($dependency, $pullImage); } @@ -227,13 +228,19 @@ readonly class DockerController { private function PerformRecursiveContainerStop(string $id) : void { $container = $this->containerDefinitionFetcher->GetContainerById($id); + + // This is a hack but no better solution was found for the meantime + // Stop Collabora first to make sure it force-saves + // See https://github.com/nextcloud/richdocuments/issues/3799 + if ($id === self::TOP_CONTAINER) { + $this->PerformRecursiveContainerStop('nextcloud-aio-collabora'); + } + + // Stop itself first and then all the dependencies + $this->dockerActionManager->StopContainer($container); foreach($container->GetDependsOn() as $dependency) { $this->PerformRecursiveContainerStop($dependency); } - - // Disconnecting is not needed. This also allows to start the containers manually via docker-cli - //$this->dockerActionManager->DisconnectContainerFromNetwork($container); - $this->dockerActionManager->StopContainer($container); } public function StopContainer(Request $request, Response $response, array $args) : Response From 001d0678ddedf212a407d813ca8a78759a99285e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 25 Jul 2025 12:03:57 +0000 Subject: [PATCH 0464/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 2ed51c59..867f848b 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -10,15 +10,15 @@ services: nextcloud-aio-talk: condition: service_started required: false - nextcloud-aio-nextcloud: - condition: service_started - required: false nextcloud-aio-notify-push: condition: service_started required: false nextcloud-aio-whiteboard: condition: service_started required: false + nextcloud-aio-nextcloud: + condition: service_started + required: false image: ghcr.io/nextcloud-releases/aio-apache:latest user: "33" init: true From b4e4e736162540952daf889b3e2ad3daeddcdc9e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 25 Jul 2025 09:53:16 +0200 Subject: [PATCH 0465/1064] daily-backup: implement a dedicated imagepull before stopping containers which should reduce the downtime Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 6 ++++ php/src/Controller/DockerController.php | 39 +++++++++++----------- php/src/Cron/PullContainerImages.php | 20 +++++++++++ php/src/Docker/DockerActionManager.php | 25 +++++++++++++- 4 files changed, 69 insertions(+), 21 deletions(-) create mode 100644 php/src/Cron/PullContainerImages.php diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index c68835ea..5c97c0ca 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -64,6 +64,12 @@ if [ "$AUTOMATIC_UPDATES" = 1 ]; then done fi +# Update container images to reduce downtime later on +if [ "$AUTOMATIC_UPDATES" = 1 ]; then + echo "Updating container images..." + sudo -u www-data php /var/www/docker-aio/php/src/Cron/PullContainerImages.php +fi + # Stop containers if required # shellcheck disable=SC2235 if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index e8f9d591..378ddab6 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -34,33 +34,32 @@ readonly class DockerController { return; } - // Skip database image pull if the last shutdown was not clean - if ($id === 'nextcloud-aio-database') { - if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) { - $pullImage = false; - error_log('Not pulling the latest database image because the container was not correctly shut down.'); - } - } - - // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down - // and try to mitigate issues that are arising due to that - if ($pullImage) { - if (!$this->dockerActionManager->isRegistryReachable($container)) { - $pullImage = false; - error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.'); - } - } - $this->dockerActionManager->DeleteContainer($container); $this->dockerActionManager->CreateVolumes($container); - if ($pullImage) { - $this->dockerActionManager->PullImage($container); - } + $this->dockerActionManager->PullImage($container, $pullImage); $this->dockerActionManager->CreateContainer($container); $this->dockerActionManager->StartContainer($container); $this->dockerActionManager->ConnectContainerToNetwork($container); } + private function PerformRecursiveImagePull(string $id) : void { + $container = $this->containerDefinitionFetcher->GetContainerById($id); + + // Pull all dependencies first and then itself + foreach($container->GetDependsOn() as $dependency) { + $this->PerformRecursiveImagePull($dependency); + } + + $this->dockerActionManager->PullImage($container, true); + } + + public function PullAllContainerImages(): void { + + $id = self::TOP_CONTAINER; + + $this->PerformRecursiveImagePull($id); + } + public function GetLogs(Request $request, Response $response, array $args) : Response { $requestParams = $request->getQueryParams(); diff --git a/php/src/Cron/PullContainerImages.php b/php/src/Cron/PullContainerImages.php new file mode 100644 index 00000000..43c87d28 --- /dev/null +++ b/php/src/Cron/PullContainerImages.php @@ -0,0 +1,20 @@ +get(\AIO\Controller\DockerController::class); + +// Pull all containers +$dockerController->PullAllContainerImages(); diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 0ccdcf58..2c8e365e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -450,7 +450,30 @@ readonly class DockerActionManager { } } - public function PullImage(Container $container): void { + public function PullImage(Container $container, bool $pullImage = true): void { + + // Skip database image pull if the last shutdown was not clean + if ($container->GetIdentifier() === 'nextcloud-aio-database') { + if ($this->GetDatabasecontainerExitCode() > 0) { + $pullImage = false; + error_log('Not pulling the latest database image because the container was not correctly shut down.'); + } + } + + // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down + // and try to mitigate issues that are arising due to that + if ($pullImage) { + if (!$this->isRegistryReachable($container)) { + $pullImage = false; + error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.'); + } + } + + // Do not continue if $pullImage is false + if (!$pullImage) { + return; + } + $imageName = $this->BuildImageName($container); $encodedImageName = urlencode($imageName); $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName)); From e568ee91dfbc8b471dea5c197da997b2e348ba99 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 28 Jul 2025 12:03:49 +0000 Subject: [PATCH 0466/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 98146e2f..b08a92c4 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3330,16 +3330,16 @@ }, { "name": "nikic/php-parser", - "version": "v5.5.0", + "version": "v5.6.0", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "ae59794362fe85e051a58ad36b289443f57be7a9" + "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9", - "reference": "ae59794362fe85e051a58ad36b289443f57be7a9", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56", + "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56", "shasum": "" }, "require": { @@ -3382,9 +3382,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0" }, - "time": "2025-05-31T08:24:38+00:00" + "time": "2025-07-27T20:03:57+00:00" }, { "name": "phpdocumentor/reflection-common", From 2a95bc25f9a6e3cf7e9bb9f90c570b6ab4c315c6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 14:31:43 +0200 Subject: [PATCH 0467/1064] aio-interface: allow to force-stop Nextcloud container via API Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 22 +++++++++++++++------- php/src/Docker/DockerActionManager.php | 9 +++++++-- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 378ddab6..39befc63 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -83,17 +83,18 @@ readonly class DockerController { } public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response { - $this->startBackup(); + $forceStopNextcloud = true; + $this->startBackup($forceStopNextcloud); return $response->withStatus(201)->withHeader('Location', '/'); } - public function startBackup() : void { + public function startBackup(bool $forceStopNextcloud = false) : void { $config = $this->configurationManager->GetConfig(); $config['backup-mode'] = 'backup'; $this->configurationManager->WriteConfig($config); $id = self::TOP_CONTAINER; - $this->PerformRecursiveContainerStop($id); + $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); @@ -125,7 +126,8 @@ readonly class DockerController { $this->configurationManager->WriteConfig($config); $id = self::TOP_CONTAINER; - $this->PerformRecursiveContainerStop($id); + $forceStopNextcloud = true; + $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); @@ -224,7 +226,7 @@ readonly class DockerController { $this->PerformRecursiveContainerStart($id); } - private function PerformRecursiveContainerStop(string $id) : void + private function PerformRecursiveContainerStop(string $id, bool $forceStopNextcloud = false) : void { $container = $this->containerDefinitionFetcher->GetContainerById($id); @@ -236,7 +238,12 @@ readonly class DockerController { } // Stop itself first and then all the dependencies - $this->dockerActionManager->StopContainer($container); + if ($id !== 'nextcloud-aio-nextcloud') { + $this->dockerActionManager->StopContainer($container); + } else { + // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period + $this->dockerActionManager->StopContainer($container, $forceStopNextcloud); + } foreach($container->GetDependsOn() as $dependency) { $this->PerformRecursiveContainerStop($dependency); } @@ -245,7 +252,8 @@ readonly class DockerController { public function StopContainer(Request $request, Response $response, array $args) : Response { $id = self::TOP_CONTAINER; - $this->PerformRecursiveContainerStop($id); + $forceStopNextcloud = true; + $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); return $response->withStatus(201)->withHeader('Location', '/'); } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 2c8e365e..f6ffbdc3 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -898,8 +898,13 @@ readonly class DockerActionManager { } } - public function StopContainer(Container $container): void { - $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime())); + public function StopContainer(Container $container, bool $forceStopContainer = false): void { + if ($forceStopContainer) { + $maxShutDownTime = 10; + } else { + $maxShutDownTime = $container->GetMaxShutdownTime(); + } + $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime)); try { $this->guzzleClient->post($url); } catch (RequestException $e) { From 5a31396e18edf534f3a3079974789f63b99144d6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 15:54:56 +0200 Subject: [PATCH 0468/1064] fix PerformRecursiveContainerStop detail Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 39befc63..ac3e7e8f 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -245,7 +245,7 @@ readonly class DockerController { $this->dockerActionManager->StopContainer($container, $forceStopNextcloud); } foreach($container->GetDependsOn() as $dependency) { - $this->PerformRecursiveContainerStop($dependency); + $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud); } } From f2ff7451b4813a026542c9c276ebea72a5d1d63c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 16:31:19 +0200 Subject: [PATCH 0469/1064] initial-setup-test: adjust timeouts Signed-off-by: Simon L. --- php/tests/tests/initial-setup.spec.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js index ca8bc077..c88cd8e3 100644 --- a/php/tests/tests/initial-setup.spec.js +++ b/php/tests/tests/initial-setup.spec.js @@ -60,8 +60,8 @@ test('Initial setup', async ({ page: setupPage }) => { // Start containers and wait for starting message await containersPage.getByRole('button', { name: 'Download and start containers' }).click(); - await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 }); - await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 }); + await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 5 * 60 * 1000 }); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 3 * 60 * 1000 }); await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com'); // Extract initial nextcloud password From 8f99db7bea6a996ea3798e06e31eb0d4c35aeefd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 17:58:39 +0200 Subject: [PATCH 0470/1064] try to improve debugging of playwright.yml Signed-off-by: Simon L. --- .github/workflows/playwright.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 67653783..8ddc2712 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -45,7 +45,14 @@ jobs: sleep 10 - name: Run Playwright tests for initial setup - run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js + run: | + cd php/tests + export DEBUG=pw:api + if ! npx playwright test tests/initial-setup.spec.js; then + docker logs nextcloud-aio-mastercontainer + docker logs nextcloud-aio-borgbackup + exit 1 + fi - name: Start fresh development server run: | @@ -66,7 +73,14 @@ jobs: sleep 10 - name: Run Playwright tests for backup restore - run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js + run: | + cd php/tests + export DEBUG=pw:api + if ! npx playwright test tests/restore-instance.spec.js; then + docker logs nextcloud-aio-mastercontainer + docker logs nextcloud-aio-borgbackup + exit 1 + fi - uses: actions/upload-artifact@v4 if: ${{ !cancelled() }} From 4758f2d34102ea7fa418e3d3a8cc59055a0ab355 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 18:22:09 +0200 Subject: [PATCH 0471/1064] PerformRecursiveContainerStop: fix error if collabora is not enabled Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ac3e7e8f..f9aa6379 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -233,7 +233,7 @@ readonly class DockerController { // This is a hack but no better solution was found for the meantime // Stop Collabora first to make sure it force-saves // See https://github.com/nextcloud/richdocuments/issues/3799 - if ($id === self::TOP_CONTAINER) { + if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled()) { $this->PerformRecursiveContainerStop('nextcloud-aio-collabora'); } From 27eac870643e13cad3103c77d6a6aaafd85537ab Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 28 Jul 2025 18:47:06 +0200 Subject: [PATCH 0472/1064] restore-instance: fix domain check? Signed-off-by: Simon L. --- php/tests/tests/restore-instance.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index c16f6700..e93cf340 100644 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -28,7 +28,7 @@ test('Restore instance', async ({ page: setupPage }) => { await containersPage.locator('#domain').click(); await containersPage.locator('#domain').fill('example.com'); await containersPage.getByRole('button', { name: 'Submit domain' }).click(); - await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.'); + await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.', { timeout: 15 * 1000 }); // Reject invalid backup location await containersPage.locator('#borg_restore_host_location').click(); From 7c65bf1942f166e7e75d4c74f9cdf9859ee22943 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Jul 2025 13:09:50 +0000 Subject: [PATCH 0473/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.34.1 to 2.35.1. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/0f7f1d08e3e32076e51cae65eb0b0c871405b16e...2282b6a082fc605c8320908a4cca3a5d1ca6c6fe) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.35.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index a7b0c5ff..9515ed3a 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 005af782..91746681 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 2bfe200e..c2800e7c 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 304f9393..16da7620 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 4e168ab7..1f72f849 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 2c40b1ce..9750f25d 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2 + uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 with: php-version: 8.4 extensions: apcu From aa6c8882343d035c654c7d53d1967b75d7d53240 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 04:27:25 +0000 Subject: [PATCH 0474/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.3.2-cli to 28.3.3-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.3.3-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 852ea63d..de283469 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.3.2-cli AS docker +FROM docker:28.3.3-cli AS docker # Caddy is a requirement FROM caddy:2.10.0-alpine AS caddy From 5604c2bbe257f08e9ac50a3ded844dff78f4a0bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Jul 2025 13:02:19 +0000 Subject: [PATCH 0475/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.1 to 2.35.2. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/2282b6a082fc605c8320908a4cca3a5d1ca6c6fe...ccf2c627fe61b1b4d924adfcbd19d661a18133a0) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.35.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 9515ed3a..7ac407c4 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 91746681..54bc0eb0 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index c2800e7c..d579b529 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 16da7620..926c6195 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 1f72f849..185a2410 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 9750f25d..dad5b0c6 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@2282b6a082fc605c8320908a4cca3a5d1ca6c6fe # v2 + uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 with: php-version: 8.4 extensions: apcu From 1e8efbcacaf58e3d41b09cc01fd55d37ea512a20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 05:07:30 +0000 Subject: [PATCH 0476/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.4.1.1 to 25.04.4.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.4.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 84e8a63f..b6088f30 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.4.1.1 +FROM collabora/code:25.04.4.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From c07d66f0eea89420b97654bb0067f54f1d13b906 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 05:07:35 +0000 Subject: [PATCH 0477/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.18.4 to 8.19.0. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 71434410..4ada3ea2 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.18.4 +FROM elasticsearch:8.19.0 USER root From be73586fa17b3f8b0c2f9407292b3bdc33976881 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 10:17:31 +0000 Subject: [PATCH 0478/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.10-fpm-alpine3.22 to 8.4.11-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.11-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 852ea63d..8bf33d13 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.3.2-cli AS docker FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile -FROM php:8.4.10-fpm-alpine3.22 +FROM php:8.4.11-fpm-alpine3.22 ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git" ARG AIO_GIT_BRANCH="main" From 667e191371d2e654b28430989bde96ad188b26f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 11:27:21 +0000 Subject: [PATCH 0479/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.23-fpm-alpine3.22 to 8.3.24-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.24-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 10f3057d..82a3ba1b 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.23-fpm-alpine3.22 +FROM php:8.3.24-fpm-alpine3.22 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 2e44343e446e0921e626b7b307cfb1b3e00dfd77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 12:50:28 +0000 Subject: [PATCH 0480/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.6-scratch to 2.11.7-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.7-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index e34d9c1d..adc1fb2b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.6-scratch AS nats +FROM nats:2.11.7-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.22.1 AS janus From 041508ca5768f989b1e680bdc5567da3dc8ae959 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Aug 2025 04:28:30 +0000 Subject: [PATCH 0481/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.5-alpine3.22 to 1.24.6-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.6-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index e53f1b02..2e39d5ee 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.5-alpine3.22 AS go +FROM golang:1.24.6-alpine3.22 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From 6b13db8be6dbf8bc801322079a7f6f1c63e0a63d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Aug 2025 05:15:36 +0000 Subject: [PATCH 0482/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.5-alpine3.22 to 3.13.6-alpine3.22. --- updated-dependencies: - dependency-name: python dependency-version: 3.13.6-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index ea3f77f8..0c2b78ed 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.5-alpine3.22 +FROM python:3.13.6-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 10b1ec5c6697d28ad0530e775ee423ada8643e49 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 11 Aug 2025 10:36:52 +0200 Subject: [PATCH 0483/1064] clamav: print out version during startup of container Signed-off-by: Simon L. --- Containers/clamav/start.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh index fa10d0e5..bda4add5 100644 --- a/Containers/clamav/start.sh +++ b/Containers/clamav/start.sh @@ -2,6 +2,9 @@ sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf +# Print out clamav version for compliance reasons +clamscan --version + echo "Clamav started" exec "$@" From 1c08ae5c31fb6e14cbe7d3938a34293f8d30913a Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 11 Aug 2025 12:01:50 +0000 Subject: [PATCH 0484/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../nextcloud-aio-fulltextsearch-deployment.yaml | 6 +++--- .../nextcloud-aio-imaginary-deployment.yaml | 2 +- .../nextcloud-aio-nextcloud-deployment.yaml | 12 ++++++------ .../nextcloud-aio-notify-push-deployment.yaml | 2 +- .../nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 24 insertions(+), 24 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 7bf3cdaa..8e013c81 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.4.0 +version: 11.5.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 1d60880b..4375d0bb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index df4d25d5..73f8dd8e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index ffb12a71..57f07917 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 2fd6db2d..0b32650c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 8a46606f..512f3f28 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 command: - chmod - "777" @@ -48,13 +48,13 @@ spec: value: single-node - name: http.port value: "9200" - - name: logger.org.elasticsearch.discovery + - name: logger.level value: WARN - name: xpack.license.self_generated.type value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 8877f8c4..48b88216 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 92decf2e..54879be4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 command: - chmod - "777" @@ -110,14 +110,14 @@ spec: value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}" - name: FULLTEXTSEARCH_HOST value: nextcloud-aio-fulltextsearch - - name: FULLTEXTSEARCH_PORT - value: 9200 - - name: FULLTEXTSEARCH_USER - value: elastic - name: FULLTEXTSEARCH_INDEX value: nextcloud-aio - name: FULLTEXTSEARCH_PASSWORD value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" + - name: FULLTEXTSEARCH_PORT + value: "9200" + - name: FULLTEXTSEARCH_USER + value: elastic - name: IMAGINARY_ENABLED value: "{{ .Values.IMAGINARY_ENABLED }}" - name: IMAGINARY_HOST @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index b1d771a1..e4b4a88f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 3ff8701a..19a56a42 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 334b1a5d..4a5fa0df 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index efb9dab4..837665ce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index c4d09e8f..4408d64f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 6d1f7d10..cf25046d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250717_090710 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851 readinessProbe: exec: command: From 5775a3a9165f0eb7c302eaa2837bd5b892c57686 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 11 Aug 2025 12:03:39 +0000 Subject: [PATCH 0485/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/mastercontainer/Dockerfile | 2 +- php/composer.lock | 74 ++++++++++++++++----------- 2 files changed, 46 insertions(+), 30 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 852ea63d..e339fe5a 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -45,7 +45,7 @@ RUN set -ex; \ apk add --no-cache --virtual .build-deps \ autoconf \ build-base; \ - pecl install APCu-5.1.24; \ + pecl install APCu-5.1.26; \ docker-php-ext-enable apcu; \ rm -r /tmp/pear; \ runDeps="$( \ diff --git a/php/composer.lock b/php/composer.lock index b08a92c4..69161cfa 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3875,16 +3875,16 @@ }, { "name": "symfony/console", - "version": "v6.4.23", + "version": "v6.4.24", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93" + "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/9056771b8eca08d026cd3280deeec3cfd99c4d93", - "reference": "9056771b8eca08d026cd3280deeec3cfd99c4d93", + "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350", + "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350", "shasum": "" }, "require": { @@ -3949,7 +3949,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.23" + "source": "https://github.com/symfony/console/tree/v6.4.24" }, "funding": [ { @@ -3960,25 +3960,29 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2025-06-27T19:37:22+00:00" + "time": "2025-07-30T10:38:54+00:00" }, { "name": "symfony/filesystem", - "version": "v7.3.0", + "version": "v7.3.2", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb" + "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/b8dce482de9d7c9fe2891155035a7248ab5c7fdb", - "reference": "b8dce482de9d7c9fe2891155035a7248ab5c7fdb", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/edcbb768a186b5c3f25d0643159a787d3e63b7fd", + "reference": "edcbb768a186b5c3f25d0643159a787d3e63b7fd", "shasum": "" }, "require": { @@ -4015,7 +4019,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.3.0" + "source": "https://github.com/symfony/filesystem/tree/v7.3.2" }, "funding": [ { @@ -4026,25 +4030,29 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2024-10-25T15:15:23+00:00" + "time": "2025-07-07T08:17:47+00:00" }, { "name": "symfony/finder", - "version": "v6.4.17", + "version": "v6.4.24", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7" + "reference": "73089124388c8510efb8d2d1689285d285937b08" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7", - "reference": "1d0e8266248c5d9ab6a87e3789e6dc482af3c9c7", + "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08", + "reference": "73089124388c8510efb8d2d1689285d285937b08", "shasum": "" }, "require": { @@ -4079,7 +4087,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.17" + "source": "https://github.com/symfony/finder/tree/v6.4.24" }, "funding": [ { @@ -4090,12 +4098,16 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2024-12-29T13:51:37+00:00" + "time": "2025-07-15T12:02:45+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -4417,16 +4429,16 @@ }, { "name": "symfony/string", - "version": "v7.3.0", + "version": "v7.3.2", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125" + "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125", - "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125", + "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca", + "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca", "shasum": "" }, "require": { @@ -4484,7 +4496,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.3.0" + "source": "https://github.com/symfony/string/tree/v7.3.2" }, "funding": [ { @@ -4495,25 +4507,29 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2025-04-20T20:19:01+00:00" + "time": "2025-07-10T08:47:49+00:00" }, { "name": "vimeo/psalm", - "version": "6.13.0", + "version": "6.13.1", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "70cdf647255a1362b426bb0f522a85817b8c791c" + "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/70cdf647255a1362b426bb0f522a85817b8c791c", - "reference": "70cdf647255a1362b426bb0f522a85817b8c791c", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51", + "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51", "shasum": "" }, "require": { @@ -4618,7 +4634,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-07-14T09:59:17+00:00" + "time": "2025-08-06T10:10:28+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From 3b05cfd60936690ec23b31b6bdeb8b2a49792863 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 11 Aug 2025 12:14:36 +0000 Subject: [PATCH 0486/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 10f3057d..69bd46dd 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -79,7 +79,7 @@ RUN set -ex; \ \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install -o igbinary-3.2.16; \ - pecl install APCu-5.1.24; \ + pecl install APCu-5.1.26; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ pecl install -o imagick-3.8.0; \ From 29a189ac299a32bf00279281714aa1dcf92c7928 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 11 Aug 2025 14:18:11 +0200 Subject: [PATCH 0487/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index f23327cd..42c72e5f 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:9.0.3.1 +FROM onlyoffice/documentserver:9.0.4.1 # USER root is probably used From 5ce5d8cf9ca39468fa30d40d2dc81fd181452abc Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 11 Aug 2025 14:28:12 +0200 Subject: [PATCH 0488/1064] fix shellcheck Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 2 +- Containers/nextcloud/entrypoint.sh | 1 + Containers/watchtower/start.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index dba54e12..0882ebd7 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -33,7 +33,7 @@ if [ "$*" != "" ]; then fi # Check if socket is available and readable -if ! [ -a "/var/run/docker.sock" ]; then +if ! [ -e "/var/run/docker.sock" ]; then print_red "Docker socket is not available. Cannot continue." echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!" echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install." diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 1575fac1..433a4ea7 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -234,6 +234,7 @@ DATADIR_PERMISSION_CONF if [ -z "$POSTGRES_PORT" ]; then POSTGRES_PORT=5432 fi + # shellcheck disable=SC2153 INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT") echo "Starting Nextcloud installation..." diff --git a/Containers/watchtower/start.sh b/Containers/watchtower/start.sh index bec4d3a2..cf16e7a4 100644 --- a/Containers/watchtower/start.sh +++ b/Containers/watchtower/start.sh @@ -1,7 +1,7 @@ #!/bin/bash # Check if socket is available and readable -if ! [ -a "/var/run/docker.sock" ]; then +if ! [ -e "/var/run/docker.sock" ]; then echo "Docker socket is not available. Cannot continue." exit 1 elif ! test -r /var/run/docker.sock; then From 7a12d5343e500e04ecb0ec12c05b77c792547f75 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 29 Jul 2025 16:05:18 +0200 Subject: [PATCH 0489/1064] nextcloud: allow to add custom certs to Nextcloud's trusted cert store Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 433a4ea7..c37630e6 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -578,6 +578,24 @@ else fi # AIO app end # Do not remove or change this line! +# Allow to add custom certs to Nextcloud's trusted cert store +if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then + set -x + TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')" + mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES" + CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates" + mkdir -p "$CERTIFICATES_ROOT_DIR" + for certificate in "${TRUSTED_CERTIFICATES[@]}"; do + # shellcheck disable=SC2001 + CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')" + if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then + echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" + php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" + fi + done + set +x +fi + # Notify push if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then php /var/www/html/occ app:install notify_push From b3d550b09fcf6e0a905329c169dc46cad8e5dff9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 17:14:37 +0000 Subject: [PATCH 0490/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.2 to 2.35.3. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/ccf2c627fe61b1b4d924adfcbd19d661a18133a0...20529878ed81ef8e78ddf08b480401e6101a850f) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.35.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 7ac407c4..b5b60b77 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 54bc0eb0..0b1708c9 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index d579b529..fdb771cc 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 926c6195..ebccf3a3 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 185a2410..e51f9065 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index dad5b0c6..b49dd152 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@ccf2c627fe61b1b4d924adfcbd19d661a18133a0 # v2 + uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 with: php-version: 8.4 extensions: apcu From 14a169068cea1d5c38dc4633cb01e6a76c82613e Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Tue, 12 Aug 2025 04:14:35 +0000 Subject: [PATCH 0491/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 516a92aa..93ddb312 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,5 +1,5 @@ - + From 45a4e9b1e2bb32a8042eca8cce15676590214904 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 12 Aug 2025 10:40:04 +0200 Subject: [PATCH 0492/1064] nextcloud: update link to opcache settings docs Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 33cabc39..e03dacb7 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -107,7 +107,7 @@ RUN set -ex; \ } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \ \ # set recommended PHP.ini settings -# see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache and below { \ echo 'opcache.max_accelerated_files=10000'; \ echo 'opcache.memory_consumption=256'; \ From 981bff08e6338060a9c5b060c17c3f1c0287f738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 11:29:26 +0000 Subject: [PATCH 0493/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.0 to 8.19.1. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 4ada3ea2..3ab1971d 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.0 +FROM elasticsearch:8.19.1 USER root From 005544b308cf36259b52cf8973475b093537db65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 05:34:30 +0000 Subject: [PATCH 0494/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.1 to 8.19.2. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 3ab1971d..b8a39213 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.1 +FROM elasticsearch:8.19.2 USER root From 78c4d56fcfd06ca7bbd97b3d4d2282ef82924b06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 05:35:22 +0000 Subject: [PATCH 0495/1064] build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.6 to v1.11.7. - [Release notes](https://github.com/nicholas-fedor/watchtower/releases) - [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.6...v1.11.7) --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: v1.11.7 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index da2af750..aabb1978 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:1.11.6 AS watchtower +FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower FROM alpine:3.22.1 From 4f07118a37be6b36ea73eac4b3d213bdecf8ed22 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 13 Aug 2025 14:05:31 +0200 Subject: [PATCH 0496/1064] nextcloud-entrypoint: do not wait indefinitely if FTS is not reachable Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 79 +++++++++++++++++------------- 1 file changed, 44 insertions(+), 35 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index c37630e6..ca28f684 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -828,45 +828,54 @@ fi # Fulltextsearch if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then - while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT"; do + count=0 + while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do echo "waiting for Fulltextsearch to become available..." + count=$((count+5)) sleep 5 done - if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then - php /var/www/html/occ app:install fulltextsearch - elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then - php /var/www/html/occ app:enable fulltextsearch - elif [ "$SKIP_UPDATE" != 1 ]; then - php /var/www/html/occ app:update fulltextsearch - fi - if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then - php /var/www/html/occ app:install fulltextsearch_elasticsearch - elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then - php /var/www/html/occ app:enable fulltextsearch_elasticsearch - elif [ "$SKIP_UPDATE" != 1 ]; then - php /var/www/html/occ app:update fulltextsearch_elasticsearch - fi - if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then - php /var/www/html/occ app:install files_fulltextsearch - elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then - php /var/www/html/occ app:enable files_fulltextsearch - elif [ "$SKIP_UPDATE" != 1 ]; then - php /var/www/html/occ app:update files_fulltextsearch - fi - php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}' - php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}" - php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}" + if [ "$count" -ge 90 ]; then + echo "Fulltextsearch did not start in time. Skipping initialization and disabling fulltextsearch apps." + php /var/www/html/occ app:disable fulltextsearch + php /var/www/html/occ app:disable fulltextsearch_elasticsearch + php /var/www/html/occ app:disable files_fulltextsearch + else + if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then + php /var/www/html/occ app:install fulltextsearch + elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then + php /var/www/html/occ app:enable fulltextsearch + elif [ "$SKIP_UPDATE" != 1 ]; then + php /var/www/html/occ app:update fulltextsearch + fi + if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then + php /var/www/html/occ app:install fulltextsearch_elasticsearch + elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then + php /var/www/html/occ app:enable fulltextsearch_elasticsearch + elif [ "$SKIP_UPDATE" != 1 ]; then + php /var/www/html/occ app:update fulltextsearch_elasticsearch + fi + if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then + php /var/www/html/occ app:install files_fulltextsearch + elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then + php /var/www/html/occ app:enable files_fulltextsearch + elif [ "$SKIP_UPDATE" != 1 ]; then + php /var/www/html/occ app:update files_fulltextsearch + fi + php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}' + php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}" + php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}" - # Do the index - if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then - echo "Waiting 10s before activating FTS..." - sleep 10 - echo "Activating fulltextsearch..." - if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then - touch "$NEXTCLOUD_DATA_DIR/fts-index.done" - else - echo "Fulltextsearch failed. Could not index." - echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future." + # Do the index + if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then + echo "Waiting 10s before activating FTS..." + sleep 10 + echo "Activating fulltextsearch..." + if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then + touch "$NEXTCLOUD_DATA_DIR/fts-index.done" + else + echo "Fulltextsearch failed. Could not index." + echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future." + fi fi fi else From a429bf7b0f2cff8edbb7e5b0e55cc811823f8853 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 05:12:21 +0000 Subject: [PATCH 0497/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.3-alpine to 3.2.4-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.4-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index b14d553b..094d3fd5 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.3-alpine +FROM haproxy:3.2.4-alpine # hadolint ignore=DL3002 USER root From d6c20a3ea3905b663e04df9302f00744dab6dec5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 05:13:40 +0000 Subject: [PATCH 0498/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.24.6-alpine3.22 to 1.25.0-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.0-alpine3.22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 2e39d5ee..3b70e229 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.24.6-alpine3.22 AS go +FROM golang:1.25.0-alpine3.22 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From c665bdf6365fcdb5e6888cf6963ff5ec0ca09b99 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 14 Aug 2025 08:36:10 +0000 Subject: [PATCH 0499/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index e03dacb7..76bb2aa1 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.7 +ENV NEXTCLOUD_VERSION=31.0.8 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 1ba5cca0c5b49160837178f2870c85554294f6e5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 14 Aug 2025 11:16:31 +0200 Subject: [PATCH 0500/1064] increase to 11.6.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 2c63f491..596db85f 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.5.0

    +

    Nextcloud AIO v11.6.0

    {# Add 2nd tab warning #} From b9e52fef5cb5f6980844b2caaf82d8ea983f1617 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 04:44:01 +0000 Subject: [PATCH 0501/1064] build(deps): bump postgres in /Containers/postgresql Bumps postgres from 17.5-alpine to 17.6-alpine. --- updated-dependencies: - dependency-name: postgres dependency-version: 17.6-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/postgresql/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index b29739d7..2533a5d1 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile -FROM postgres:17.5-alpine +FROM postgres:17.6-alpine COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From de2dfcc7ed5cb3ceaa17f89f64ccfef185e83f7b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 04:44:08 +0000 Subject: [PATCH 0502/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.7-scratch to 2.11.8-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.8-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index adc1fb2b..c2be580b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.7-scratch AS nats +FROM nats:2.11.8-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling FROM alpine:3.22.1 AS janus From 149febb8d3b72400c6e7ae8c82e21aa0598c953b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 07:51:58 +0000 Subject: [PATCH 0503/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.6-alpine3.22 to 3.13.7-alpine3.22. --- updated-dependencies: - dependency-name: python dependency-version: 3.13.7-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index 0c2b78ed..40b01470 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.6-alpine3.22 +FROM python:3.13.7-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 25f0021a812df86ead48e6926eedf8c02f845fae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 14:25:49 +0000 Subject: [PATCH 0504/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.1.2 to v1.1.3. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.1.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index bbf0cc6e..02e9344f 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.2 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3 USER root RUN set -ex; \ From 01dc07e8f1a0fa93043056f5122778fb6b3c51a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 16:10:27 +0000 Subject: [PATCH 0505/1064] build(deps): bump strukturag/nextcloud-spreed-signaling Bumps strukturag/nextcloud-spreed-signaling from 2.0.3 to 2.0.4. --- updated-dependencies: - dependency-name: strukturag/nextcloud-spreed-signaling dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index adc1fb2b..9149e6bb 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM nats:2.11.7-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal -FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling +FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.1 AS janus ARG JANUS_VERSION=v1.3.2 From 74b8363f9d535ca09579b5164596fba78f12dc99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Aug 2025 13:17:33 +0000 Subject: [PATCH 0506/1064] build(deps): bump azure/setup-helm in /.github/workflows Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...1a275c3b69536ee54be43f2070a358922e12c8d4) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: 4.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 50b161ea..15248c33 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -32,7 +32,7 @@ jobs: # See https://github.com/helm/chart-releaser-action/issues/6 - name: Set up Helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: version: v3.6.3 diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 476c1925..d24c75d2 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -16,7 +16,7 @@ jobs: fetch-depth: 0 - name: Install Helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: version: v3.11.1 From 9ffb91bd04196ccbac5fd72e56389bb5645858a1 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Wed, 20 Aug 2025 22:23:09 +0200 Subject: [PATCH 0507/1064] Update stalwart.json Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/stalwart/stalwart.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/community-containers/stalwart/stalwart.json b/community-containers/stalwart/stalwart.json index e2061688..b9a48091 100644 --- a/community-containers/stalwart/stalwart.json +++ b/community-containers/stalwart/stalwart.json @@ -48,7 +48,8 @@ "environment": [ "TZ=%TIMEZONE%", "NC_DOMAIN=%NC_DOMAIN%", - "STALWART_USER_PASS=%STALWART_USER_PASS%" + "STALWART_USER_PASS=%STALWART_USER_PASS%", + "CLAMAV_ENABLED=%CLAMAV_ENABLED%" ], "secrets": [ "STALWART_USER_PASS" From 0eb6bceb6fa15cd074ca35905c9dfb9661c0b05e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 21 Aug 2025 12:03:50 +0000 Subject: [PATCH 0508/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 138 ++++++++++++++++++++++++++-------------------- 1 file changed, 79 insertions(+), 59 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 69161cfa..ea0361a5 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -557,16 +557,16 @@ }, { "name": "php-di/php-di", - "version": "7.0.11", + "version": "7.1.1", "source": { "type": "git", "url": "https://github.com/PHP-DI/PHP-DI.git", - "reference": "32f111a6d214564520a57831d397263e8946c1d2" + "reference": "f88054cc052e40dbe7b383c8817c19442d480352" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2", - "reference": "32f111a6d214564520a57831d397263e8946c1d2", + "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/f88054cc052e40dbe7b383c8817c19442d480352", + "reference": "f88054cc052e40dbe7b383c8817c19442d480352", "shasum": "" }, "require": { @@ -614,7 +614,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/PHP-DI/issues", - "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11" + "source": "https://github.com/PHP-DI/PHP-DI/tree/7.1.1" }, "funding": [ { @@ -626,7 +626,7 @@ "type": "tidelift" } ], - "time": "2025-06-03T07:45:57+00:00" + "time": "2025-08-16T11:10:48+00:00" }, { "name": "php-di/slim-bridge", @@ -1398,7 +1398,7 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", @@ -1457,7 +1457,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.33.0" }, "funding": [ { @@ -1468,6 +1468,10 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" @@ -1477,7 +1481,7 @@ }, { "name": "symfony/polyfill-mbstring", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", @@ -1538,7 +1542,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.33.0" }, "funding": [ { @@ -1549,6 +1553,10 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" @@ -1558,7 +1566,7 @@ }, { "name": "symfony/polyfill-php81", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", @@ -1614,7 +1622,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.33.0" }, "funding": [ { @@ -1625,6 +1633,10 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" @@ -2602,16 +2614,16 @@ }, { "name": "composer/semver", - "version": "3.4.3", + "version": "3.4.4", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12" + "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", - "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", + "url": "https://api.github.com/repos/composer/semver/zipball/198166618906cb2de69b95d7d47e5fa8aa1b2b95", + "reference": "198166618906cb2de69b95d7d47e5fa8aa1b2b95", "shasum": "" }, "require": { @@ -2663,7 +2675,7 @@ "support": { "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.4.3" + "source": "https://github.com/composer/semver/tree/3.4.4" }, "funding": [ { @@ -2673,13 +2685,9 @@ { "url": "https://github.com/composer", "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/composer/composer", - "type": "tidelift" } ], - "time": "2024-09-19T14:15:21+00:00" + "time": "2025-08-20T19:15:30+00:00" }, { "name": "composer/xdebug-handler", @@ -2986,16 +2994,16 @@ }, { "name": "fidry/cpu-core-counter", - "version": "1.2.0", + "version": "1.3.0", "source": { "type": "git", "url": "https://github.com/theofidry/cpu-core-counter.git", - "reference": "8520451a140d3f46ac33042715115e290cf5785f" + "reference": "db9508f7b1474469d9d3c53b86f817e344732678" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/8520451a140d3f46ac33042715115e290cf5785f", - "reference": "8520451a140d3f46ac33042715115e290cf5785f", + "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/db9508f7b1474469d9d3c53b86f817e344732678", + "reference": "db9508f7b1474469d9d3c53b86f817e344732678", "shasum": "" }, "require": { @@ -3005,10 +3013,10 @@ "fidry/makefile": "^0.2.0", "fidry/php-cs-fixer-config": "^1.1.2", "phpstan/extension-installer": "^1.2.0", - "phpstan/phpstan": "^1.9.2", - "phpstan/phpstan-deprecation-rules": "^1.0.0", - "phpstan/phpstan-phpunit": "^1.2.2", - "phpstan/phpstan-strict-rules": "^1.4.4", + "phpstan/phpstan": "^2.0", + "phpstan/phpstan-deprecation-rules": "^2.0.0", + "phpstan/phpstan-phpunit": "^2.0", + "phpstan/phpstan-strict-rules": "^2.0", "phpunit/phpunit": "^8.5.31 || ^9.5.26", "webmozarts/strict-phpunit": "^7.5" }, @@ -3035,7 +3043,7 @@ ], "support": { "issues": "https://github.com/theofidry/cpu-core-counter/issues", - "source": "https://github.com/theofidry/cpu-core-counter/tree/1.2.0" + "source": "https://github.com/theofidry/cpu-core-counter/tree/1.3.0" }, "funding": [ { @@ -3043,7 +3051,7 @@ "type": "github" } ], - "time": "2024-08-06T10:04:20+00:00" + "time": "2025-08-14T07:29:31+00:00" }, { "name": "kelunik/certificate", @@ -3330,16 +3338,16 @@ }, { "name": "nikic/php-parser", - "version": "v5.6.0", + "version": "v5.6.1", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56" + "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/221b0d0fdf1369c71047ad1d18bb5880017bbc56", - "reference": "221b0d0fdf1369c71047ad1d18bb5880017bbc56", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2", + "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2", "shasum": "" }, "require": { @@ -3358,7 +3366,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "5.0-dev" + "dev-master": "5.x-dev" } }, "autoload": { @@ -3382,9 +3390,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.0" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1" }, - "time": "2025-07-27T20:03:57+00:00" + "time": "2025-08-13T20:13:15+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -3441,16 +3449,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.2", + "version": "5.6.3", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62" + "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/92dde6a5919e34835c506ac8c523ef095a95ed62", - "reference": "92dde6a5919e34835c506ac8c523ef095a95ed62", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94f8051919d1b0369a6bcc7931d679a511c03fe9", + "reference": "94f8051919d1b0369a6bcc7931d679a511c03fe9", "shasum": "" }, "require": { @@ -3499,9 +3507,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.2" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.3" }, - "time": "2025-04-13T19:20:35+00:00" + "time": "2025-08-01T19:43:32+00:00" }, { "name": "phpdocumentor/type-resolver", @@ -4111,16 +4119,16 @@ }, { "name": "symfony/polyfill-intl-grapheme", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-grapheme.git", - "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe" + "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe", - "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe", + "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/380872130d3a5dd3ace2f4010d95125fde5d5c70", + "reference": "380872130d3a5dd3ace2f4010d95125fde5d5c70", "shasum": "" }, "require": { @@ -4169,7 +4177,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.33.0" }, "funding": [ { @@ -4180,16 +4188,20 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2024-09-09T11:45:10+00:00" + "time": "2025-06-27T09:58:17+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", @@ -4250,7 +4262,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.33.0" }, "funding": [ { @@ -4261,6 +4273,10 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" @@ -4270,16 +4286,16 @@ }, { "name": "symfony/polyfill-php84", - "version": "v1.32.0", + "version": "v1.33.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php84.git", - "reference": "000df7860439609837bbe28670b0be15783b7fbf" + "reference": "d8ced4d875142b6a7426000426b8abc631d6b191" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/000df7860439609837bbe28670b0be15783b7fbf", - "reference": "000df7860439609837bbe28670b0be15783b7fbf", + "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/d8ced4d875142b6a7426000426b8abc631d6b191", + "reference": "d8ced4d875142b6a7426000426b8abc631d6b191", "shasum": "" }, "require": { @@ -4326,7 +4342,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php84/tree/v1.32.0" + "source": "https://github.com/symfony/polyfill-php84/tree/v1.33.0" }, "funding": [ { @@ -4337,12 +4353,16 @@ "url": "https://github.com/fabpot", "type": "github" }, + { + "url": "https://github.com/nicolas-grekas", + "type": "github" + }, { "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", "type": "tidelift" } ], - "time": "2025-02-20T12:04:08+00:00" + "time": "2025-06-24T13:30:11+00:00" }, { "name": "symfony/service-contracts", From 3e71a789e123ac7c6c2b67293bba39837f763041 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 21 Aug 2025 12:04:43 +0000 Subject: [PATCH 0509/1064] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk/server.conf.in | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Containers/talk/server.conf.in b/Containers/talk/server.conf.in index 85630d5a..8f437e30 100644 --- a/Containers/talk/server.conf.in +++ b/Containers/talk/server.conf.in @@ -84,7 +84,8 @@ internalsecret = the-shared-secret-for-internal-clients # For backend type "etcd": # Key prefix of backend entries. All keys below will be watched and assumed to # contain a JSON document with the following entries: -# - "url": Url of the Nextcloud instance. +# - "urls": List of urls of the Nextcloud instance. +# - "url": Url of the Nextcloud instance (deprecated). # - "secret": Shared secret for requests from and to the backend servers. # # Additional optional entries: @@ -93,8 +94,8 @@ internalsecret = the-shared-secret-for-internal-clients # - "sessionlimit": Number of sessions that are allowed to connect. # # Example: -# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...} -# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...} +# "/signaling/backend/one" -> {"urls": ["https://nextcloud.domain1.invalid"], ...} +# "/signaling/backend/two" -> {"urls": ["https://domain2.invalid/nextcloud"], ...} #backendprefix = /signaling/backend # Allow any hostname as backend endpoint. This is extremely insecure and should @@ -122,8 +123,8 @@ connectionsperhost = 8 # Backend configurations as defined in the "[backend]" section above. The # section names must match the ids used in "backends" above. #[backend-id] -# URL of the Nextcloud instance -#url = https://cloud.domain.invalid +# Comma-separated list of urls of the Nextcloud instance +#urls = https://cloud.domain.invalid # Shared secret for requests from and to the backend servers. Leave empty to use # the common shared secret from above. @@ -143,8 +144,8 @@ connectionsperhost = 8 #maxscreenbitrate = 2097152 #[another-backend] -# URL of the Nextcloud instance -#url = https://cloud.otherdomain.invalid +# Comma-separated list of urls of the Nextcloud instance +#urls = https://cloud.otherdomain.invalid # Shared secret for requests from and to the backend servers. Leave empty to use # the common shared secret from above. @@ -179,6 +180,13 @@ connectionsperhost = 8 # proxy server that is used. #maxscreenbitrate = 2097152 +# List of IP addresses / subnets that are allowed to be used by clients in +# candidates. The allowed list has preference over the blocked list below. +#allowedcandidates = 10.0.0.0/8 + +# List of IP addresses / subnets to filter from candidates received by clients. +#blockedcandidates = 1.2.3.0/24 + # For type "proxy": timeout in seconds for requests to the proxy server. #proxytimeout = 2 From 1e750fdcf61020eaf88d8a6c84328a444abbbbc9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 21 Aug 2025 15:05:59 +0200 Subject: [PATCH 0510/1064] collabora: add further caps Signed-off-by: Simon L. --- php/containers.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/php/containers.json b/php/containers.json index 5c15c079..87746514 100644 --- a/php/containers.json +++ b/php/containers.json @@ -397,6 +397,8 @@ "cap_add": [ "MKNOD", "SYS_ADMIN", + "SYS_CHROOT", + "FOWNER", "CHOWN" ], "cap_drop": [ From afde995ac6fe6dab6c00bd43620bf2729bbd7b44 Mon Sep 17 00:00:00 2001 From: Thomas Lavocat Date: Thu, 21 Aug 2025 16:00:43 +0200 Subject: [PATCH 0511/1064] documentation: use force to prune docker resources In the documentation there is reference of a manipulation to perform in case the collabora container is missing some permissions to access the filesystem, however `docker system prune` might not clean what's needed. Adding `-a` is very broad however but will most definitely clean the image. Fixes #6776 Signed-off-by: Thomas Lavocat --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 9dc1aab5..9321f4fb 100644 --- a/readme.md +++ b/readme.md @@ -409,7 +409,7 @@ You can move the whole docker library and all its files including all Nextcloud 1. Stop all the containers from the AIO Interface. 2. Go to your terminal and delete the Collabora container (`docker rm nextcloud-aio-collabora`) AND the Collabora image (`docker image rm nextcloud/aio-collabora`). -3. You might also want to prune your Docker (`docker system prune`) (no data will be lost). +3. You might also want to prune your Docker (`docker system prune -a`) (no data will be lost). 4. Restart your containers from the AIO Interface. This should solve the problem. From c3d1d96d1905909f397fe17d768ab2a47039306e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 22 Aug 2025 11:32:53 +0000 Subject: [PATCH 0512/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-apache-service.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-clamav-service.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-collabora-service.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-database-service.yaml | 2 +- .../nextcloud-aio-fulltextsearch-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-fulltextsearch-service.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-imaginary-service.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-nextcloud-service.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-notify-push-service.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-onlyoffice-service.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-redis-service.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 6 +++--- .../nextcloud-aio-talk-recording-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-talk-recording-service.yaml | 2 +- .../templates/nextcloud-aio-talk-service.yaml | 4 ++-- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-whiteboard-service.yaml | 2 +- 27 files changed, 59 insertions(+), 59 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 8e013c81..ac1e2abb 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.5.0 +version: 11.6.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 4375d0bb..0ad86edc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-apache spec: @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml index f496a3f8..404ee626 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 73f8dd8e..e34de43f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-clamav spec: @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml index 67a05650..8dc8597d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 57f07917..830a9a9f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-collabora spec: @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml index 081a8131..ebe7bf3f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 0b32650c..c550779f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-database spec: @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml index e0abad63..9451d908 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 512f3f28..79c5b8f0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-fulltextsearch spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml index 29dc4871..ae759475 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 48b88216..206ac177 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-imaginary spec: @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml index 28bc08be..a5fb3266 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 54879be4..84e79629 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-nextcloud spec: @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml index 6394b6fc..18cf84d8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index e4b4a88f..fda97c0e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-notify-push spec: @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml index 58bc411b..2b7bfccd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 19a56a42..0ceebe1f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-onlyoffice spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml index 08ea4965..6ff9afa1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 4a5fa0df..f12da040 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-redis spec: @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml index 3deae463..af82a0bb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 837665ce..2432c09f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk spec: @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 4408d64f..49401e8a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk-recording spec: @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml index 9fe10d57..4410ed72 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml index 1b7f1a05..675a2729 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk-public @@ -28,7 +28,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index cf25046d..14c42eb8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-whiteboard spec: @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250811_115851 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml index 29232bee..8c8cb5aa 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.36.0 (ae2a39403) + kompose.version: 1.37.0 (fb0539e64) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard From 49aa732ec5fb41a2e54888422387a8534e72c518 Mon Sep 17 00:00:00 2001 From: Alan Savage Date: Fri, 22 Aug 2025 04:43:55 -0700 Subject: [PATCH 0513/1064] add CGNAT range to Caddy and document support for additional trusted proxies to rp docs (#6703) Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> Signed-off-by: Alan Savage Signed-off-by: Simon L. Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> Co-authored-by: Simon L. --- Containers/apache/start.sh | 4 ++- php/src/Data/ConfigurationManager.php | 2 +- php/templates/containers.twig | 2 +- reverse-proxy.md | 36 ++++++++++++++++++++++----- 4 files changed, 35 insertions(+), 9 deletions(-) diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh index 9d69eb47..5a85aa08 100644 --- a/Containers/apache/start.sh +++ b/Containers/apache/start.sh @@ -46,7 +46,9 @@ echo "$CADDYFILE" > /tmp/Caddyfile # Change the trusted_proxies in case of reverse proxies if [ "$APACHE_PORT" != '443' ]; then - CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)" + # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes + # See https://github.com/nextcloud/all-in-one/pull/6703 for reference + CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges 100.64.0.0/10|' /tmp/Caddyfile)" else CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)" fi diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index bfc59f7c..257e69d0 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -389,7 +389,7 @@ class ConfigurationManager if ($port === '443') { $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443."; } else { - error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!'); + error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#how-to-debug in order to debug things!'); } throw new InvalidSettingConfigurationException($notice); } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 596db85f..dbb37208 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -123,7 +123,7 @@

    If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

    If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.

    {% if apache_port != '443' %} -

    If you run into issues with your domain being accepted, see these steps for how to debug things.

    +

    If you run into issues with your domain being accepted, see these steps for how to debug things.

    {% endif %}

    Hint: If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following this documentation.

    diff --git a/reverse-proxy.md b/reverse-proxy.md index 84aad3d1..7ad5e97b 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -42,7 +42,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at. - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container) - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below) -- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things). +- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things). - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. @@ -51,7 +51,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
    > [!Note] -> If you run into troubles, see [the debug section](#6-how-to-debug-things). +> If you run into troubles, see [the debug section](#7-how-to-debug-things). --- @@ -68,8 +68,9 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1 1. **Use this startup command! See [point 2](#2-use-this-startup-command)** 1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container) 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)** -1. Optional: get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface) -1. Optional: how to debug things? See [point 6](#6-how-to-debug-things) +1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001) +1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface) +1. Optional: how to debug things? See [point 7](#7-how-to-debug-things) ## 1. Configure the reverse proxy @@ -990,7 +991,28 @@ After starting AIO, you should be able to access the AIO Interface via `https:// ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
    Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! -## 5. Optional: get a valid certificate for the AIO interface +## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1 +If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1* you must make the following configuration changes + +*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1` + +### Nextcloud trusted proxies +Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this: + +``` +sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy +``` + +### Collabora WOPI allow list +If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain* and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`. + +*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.) + +### External reverse proxies connecting via VPN (e.g. Tailscale) + +If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect. + +## 6. Optional: get a valid certificate for the AIO interface If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile: @@ -1007,7 +1029,9 @@ https://:8443 { Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://:443` instead of `https://:8443` in the Caddyfile and use that to access the AIO interface. -## 6. How to debug things? +## 7. How to debug things? + + If something does not work, follow the steps below: 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom! From dd495d76a175814cb4cdc9682efb2eacdebfbc53 Mon Sep 17 00:00:00 2001 From: Alan Savage Date: Fri, 22 Aug 2025 04:47:29 -0700 Subject: [PATCH 0514/1064] Add support for bypass_container_update param for easier local build and testing (#6702) Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> Signed-off-by: Simon L. Signed-off-by: Alan Savage Co-authored-by: Alan Savage Co-authored-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> Co-authored-by: Simon L. --- Containers/mastercontainer/Dockerfile | 17 +++++++---------- Containers/nextcloud/Dockerfile | 24 ++++++++++-------------- develop.md | 25 +++++++++++++++++++------ php/public/index.php | 2 ++ php/src/Controller/DockerController.php | 8 +++++++- php/templates/containers.twig | 1 + 6 files changed, 46 insertions(+), 31 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c6b7cafa..395fa645 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -8,9 +8,6 @@ FROM caddy:2.10.0-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile FROM php:8.4.11-fpm-alpine3.22 -ARG AIO_GIT_URL="https://github.com/nextcloud-releases/all-in-one.git" -ARG AIO_GIT_BRANCH="main" - EXPOSE 80 EXPOSE 8080 EXPOSE 8443 @@ -18,6 +15,13 @@ EXPOSE 8443 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker +COPY community-containers /var/www/docker-aio/community-containers +COPY php /var/www/docker-aio/php +COPY --chmod=775 Containers/mastercontainer/*.sh / +COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile +COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf +COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf + WORKDIR /var/www/docker-aio # hadolint ignore=SC2086,DL3047,DL3003,DL3004 @@ -67,8 +71,6 @@ RUN set -ex; \ wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \ chmod +x /usr/local/bin/composer; \ cd /var/www/docker-aio; \ - git clone "$AIO_GIT_URL" --depth 1 --single-branch --branch "$AIO_GIT_BRANCH" .; \ - find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \ rm -r ./php/tests; \ chown www-data:www-data -R /var/www/docker-aio; \ cd php; \ @@ -120,11 +122,6 @@ RUN set -ex; \ mkdir /var/log/supervisord; \ mkdir /var/run/supervisord; -COPY --chmod=775 *.sh / -COPY --chmod=664 Caddyfile /Caddyfile -COPY --chmod=664 supervisord.conf /supervisord.conf -COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf - LABEL org.label-schema.vendor="Nextcloud" # hadolint ignore=DL3002 diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 76bb2aa1..a46f649c 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -13,11 +13,15 @@ ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! -COPY --chmod=775 *.sh / -COPY --chmod=774 upgrade.exclude /upgrade.exclude -COPY config/*.php / -COPY supervisord.conf /supervisord.conf -COPY root.motd /root.motd +COPY --chmod=775 Containers/nextcloud/*.sh / +COPY --chmod=774 Containers/nextcloud/upgrade.exclude /upgrade.exclude +COPY Containers/nextcloud/config/*.php / +COPY Containers/nextcloud/supervisord.conf /supervisord.conf + +# AIO cloning start # Do not remove or change this line! +COPY app /usr/src/nextcloud/apps/nextcloud-aio +COPY Containers/nextcloud/root.motd /root.motd +# AIO cloning end # Do not remove or change this line! VOLUME /mnt/ncdata VOLUME /var/www/html @@ -242,15 +246,7 @@ RUN set -ex; \ sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \ sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \ \ -# AIO cloning start # Do not remove or change this line! - rm -rf /tmp/nextcloud-aio && \ - mkdir -p /tmp/nextcloud-aio && \ - cd /tmp/nextcloud-aio && \ - git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \ - mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \ - cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \ - echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \ -# AIO cloning end # Do not remove or change this line! + echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \ \ chown www-data:root -R /usr/src && \ chmod 777 -R /usr/local/etc/php/conf.d && \ diff --git a/develop.md b/develop.md index abf52208..6c5faf2d 100644 --- a/develop.md +++ b/develop.md @@ -26,7 +26,7 @@ Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`. ## How to test things correctly? -Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. +Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details. @@ -48,12 +48,25 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m ## How to connect to the database? Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in. -## How to locally build and test changes to mastercontainer? -1. Push changes to your own git fork and branch. -1. Use below commands to build mastercontainer image for a custom git url and branch: +## How to locally build and test changes to mastercontainer +1. Ensure you are on the developer channel per the instructions above. +1. Use the commands below from the project root to build the mastercontainer image: ``` -cd Containers/mastercontainer -docker buildx build -t ghcr.io/nextcloud-releases/all-in-one:latest --build-arg AIO_GIT_URL="https://github.com/my-fork-repo/all-in-one.git" --build-arg AIO_GIT_BRANCH="my-feature-branch" --load . +docker buildx build --file Containers/mastercontainer/Dockerfile --tag ghcr.io/nextcloud-releases/all-in-one:develop --load . ``` 1. Start a container with above built image. 1. Since the hash of a locally built image doesn't match the latest release mastercontainer, it prompts for a mandatory update. To temporarily bypass the update suffix `?bypass_mastercontainer_update` to the URL. Eg: `https://localhost:8080/containers?bypass_mastercontainer_update` + +## How to locally build and test changes to other containers using the bypass_container_update param +1. Ensure you are on the developer channel per the instructions above. +1. Use the commands below from the project root to build the container image: +``` +# For the "nextcloud" container +docker buildx build --file Containers/nextcloud/Dockerfile --tag ghcr.io/nextcloud-releases/aio-nextcloud:develop --load . + +# For all other containers +docker buildx build --file Containers/{container}/Dockerfile --tag ghcr.io/nextcloud-releases/aio-{container}:develop --load Containers/{container} +``` +1. Stop the containers using the AIO admin interface. +1. Reload the AIO admin interface with the param `bypass_container_update` to avoid overwriting your local changes, e.g. `https://localhost:8080/containers?bypass_container_update`. +1. Click "Start and update containers" and test your changes. Containers will not be updated, despite the button text. diff --git a/php/public/index.php b/php/public/index.php index 712f1463..aac83826 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -86,6 +86,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image. $params = $request->getQueryParams(); $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']); + $bypass_container_update = isset($params['bypass_container_update']); return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->GetDomain(), @@ -136,6 +137,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(), 'community_containers' => $configurationManager->listAvailableCommunityContainers(), 'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(), + 'bypass_container_update' => $bypass_container_update, ]); })->setName('profile'); $app->get('/login', function (Request $request, Response $response, array $args) use ($container) { diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index f9aa6379..8c45e5a6 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -191,8 +191,14 @@ readonly class DockerController { $config['install_latest_major'] = $installLatestMajor; $this->configurationManager->WriteConfig($config); + // Do not pull container images in case 'bypass_container_update' is set via url params + // Needed for local testing + $pullImage = !isset($request->getParsedBody()['bypass_container_update']); + if ($pullImage === false) { + error_log('WARNING: Not pulling container images. Instead, using local ones.'); + } // Start container - $this->startTopContainer(true); + $this->startTopContainer($pullImage); // Clear apcu cache in order to check if container updates are available // Temporarily disabled as it leads much faster to docker rate limits diff --git a/php/templates/containers.twig b/php/templates/containers.twig index dbb37208..2c9e4cd5 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -352,6 +352,7 @@ + {% endif %} From 423ba1cc3c34269abbb09192bc3e3ccd2e374f76 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 22 Aug 2025 13:51:35 +0200 Subject: [PATCH 0515/1064] talk: update script to use the new urls syntax Signed-off-by: Simon L. --- Containers/talk/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/start.sh b/Containers/talk/start.sh index b07f5bc9..f89949f3 100644 --- a/Containers/talk/start.sh +++ b/Containers/talk/start.sh @@ -98,7 +98,7 @@ connectionsperhost = 8 skipverify = ${SKIP_CERT_VERIFY} [backend-1] -url = https://${NC_DOMAIN} +urls = https://${NC_DOMAIN} secret = ${SIGNALING_SECRET} maxstreambitrate = ${TALK_MAX_STREAM_BITRATE} maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE} From 13b09e2497cde1a57a073d8b7597cf89d7443600 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 22 Aug 2025 12:03:41 +0000 Subject: [PATCH 0516/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 867f848b..236ab444 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -267,6 +267,8 @@ services: cap_add: - MKNOD - SYS_ADMIN + - SYS_CHROOT + - FOWNER - CHOWN cap_drop: - NET_RAW From 52975f35ee86b898706d8ca3c5609d32950b4653 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sat, 23 Aug 2025 12:02:56 +0000 Subject: [PATCH 0517/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index ea0361a5..889b34f4 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -134,16 +134,16 @@ }, { "name": "guzzlehttp/promises", - "version": "2.2.0", + "version": "2.3.0", "source": { "type": "git", "url": "https://github.com/guzzle/promises.git", - "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c" + "reference": "481557b130ef3790cf82b713667b43030dc9c957" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c", - "reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c", + "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957", + "reference": "481557b130ef3790cf82b713667b43030dc9c957", "shasum": "" }, "require": { @@ -151,7 +151,7 @@ }, "require-dev": { "bamarni/composer-bin-plugin": "^1.8.2", - "phpunit/phpunit": "^8.5.39 || ^9.6.20" + "phpunit/phpunit": "^8.5.44 || ^9.6.25" }, "type": "library", "extra": { @@ -197,7 +197,7 @@ ], "support": { "issues": "https://github.com/guzzle/promises/issues", - "source": "https://github.com/guzzle/promises/tree/2.2.0" + "source": "https://github.com/guzzle/promises/tree/2.3.0" }, "funding": [ { @@ -213,7 +213,7 @@ "type": "tidelift" } ], - "time": "2025-03-27T13:27:01+00:00" + "time": "2025-08-22T14:34:08+00:00" }, { "name": "guzzlehttp/psr7", From 676398f3af6d8376a52422a4d21b6e8494eef4f1 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sun, 24 Aug 2025 12:02:49 +0000 Subject: [PATCH 0518/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 889b34f4..36729b94 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -8,22 +8,22 @@ "packages": [ { "name": "guzzlehttp/guzzle", - "version": "7.9.3", + "version": "7.10.0", "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77" + "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77", - "reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4", + "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4", "shasum": "" }, "require": { "ext-json": "*", - "guzzlehttp/promises": "^1.5.3 || ^2.0.3", - "guzzlehttp/psr7": "^2.7.0", + "guzzlehttp/promises": "^2.3", + "guzzlehttp/psr7": "^2.8", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0", "symfony/deprecation-contracts": "^2.2 || ^3.0" @@ -114,7 +114,7 @@ ], "support": { "issues": "https://github.com/guzzle/guzzle/issues", - "source": "https://github.com/guzzle/guzzle/tree/7.9.3" + "source": "https://github.com/guzzle/guzzle/tree/7.10.0" }, "funding": [ { @@ -130,7 +130,7 @@ "type": "tidelift" } ], - "time": "2025-03-27T13:37:11+00:00" + "time": "2025-08-23T22:36:01+00:00" }, { "name": "guzzlehttp/promises", @@ -217,16 +217,16 @@ }, { "name": "guzzlehttp/psr7", - "version": "2.7.1", + "version": "2.8.0", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16" + "reference": "21dc724a0583619cd1652f673303492272778051" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16", - "reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051", + "reference": "21dc724a0583619cd1652f673303492272778051", "shasum": "" }, "require": { @@ -242,7 +242,7 @@ "require-dev": { "bamarni/composer-bin-plugin": "^1.8.2", "http-interop/http-factory-tests": "0.9.0", - "phpunit/phpunit": "^8.5.39 || ^9.6.20" + "phpunit/phpunit": "^8.5.44 || ^9.6.25" }, "suggest": { "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" @@ -313,7 +313,7 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/2.7.1" + "source": "https://github.com/guzzle/psr7/tree/2.8.0" }, "funding": [ { @@ -329,7 +329,7 @@ "type": "tidelift" } ], - "time": "2025-03-27T12:30:47+00:00" + "time": "2025-08-23T21:21:41+00:00" }, { "name": "http-interop/http-factory-guzzle", From 0ddc2d4ea90d1cf000ef3962f26fd13da028dd18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 06:43:28 +0000 Subject: [PATCH 0519/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.4.2.1 to 25.04.4.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.4.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index b6088f30..ac8ed4b9 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.4.2.1 +FROM collabora/code:25.04.4.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 913179c7a697f161fdac425eaff51d7a3845917d Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 25 Aug 2025 12:13:50 +0000 Subject: [PATCH 0520/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 36729b94..578378e4 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1150,22 +1150,22 @@ }, { "name": "slim/slim", - "version": "4.14.0", + "version": "4.15.0", "source": { "type": "git", "url": "https://github.com/slimphp/Slim.git", - "reference": "5943393b88716eb9e82c4161caa956af63423913" + "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/slimphp/Slim/zipball/5943393b88716eb9e82c4161caa956af63423913", - "reference": "5943393b88716eb9e82c4161caa956af63423913", + "url": "https://api.github.com/repos/slimphp/Slim/zipball/17eba5182975878a0ab9b27982cd2e2cfcb67ea2", + "reference": "17eba5182975878a0ab9b27982cd2e2cfcb67ea2", "shasum": "" }, "require": { "ext-json": "*", "nikic/fast-route": "^1.3", - "php": "^7.4 || ^8.0", + "php": "~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0", "psr/container": "^1.0 || ^2.0", "psr/http-factory": "^1.1", "psr/http-message": "^1.1 || ^2.0", @@ -1174,7 +1174,7 @@ "psr/log": "^1.1 || ^2.0 || ^3.0" }, "require-dev": { - "adriansuter/php-autoload-override": "^1.4", + "adriansuter/php-autoload-override": "^1.4 || ^2", "ext-simplexml": "*", "guzzlehttp/psr7": "^2.6", "httpsoft/http-message": "^1.1", @@ -1184,12 +1184,12 @@ "nyholm/psr7-server": "^1.1", "phpspec/prophecy": "^1.19", "phpspec/prophecy-phpunit": "^2.1", - "phpstan/phpstan": "^1.11", + "phpstan/phpstan": "^1 || ^2", "phpunit/phpunit": "^9.6", "slim/http": "^1.3", "slim/psr7": "^1.6", "squizlabs/php_codesniffer": "^3.10", - "vimeo/psalm": "^5.24" + "vimeo/psalm": "^5 || ^6" }, "suggest": { "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware", @@ -1216,17 +1216,17 @@ { "name": "Andrew Smith", "email": "a.smith@silentworks.co.uk", - "homepage": "http://silentworks.co.uk" + "homepage": "https://silentworks.co.uk" }, { "name": "Rob Allen", "email": "rob@akrabat.com", - "homepage": "http://akrabat.com" + "homepage": "https://akrabat.com" }, { "name": "Pierre Berube", "email": "pierre@lgse.com", - "homepage": "http://www.lgse.com" + "homepage": "https://www.lgse.com" }, { "name": "Gabriel Manricks", @@ -1262,7 +1262,7 @@ "type": "tidelift" } ], - "time": "2024-06-13T08:54:48+00:00" + "time": "2025-08-20T18:16:16+00:00" }, { "name": "slim/twig-view", From 6d44c1d47784a105998dba9baa3745f982032d79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 01:05:44 +0000 Subject: [PATCH 0521/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.3 to 2.35.4. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/20529878ed81ef8e78ddf08b480401e6101a850f...ec406be512d7077f68eed36e63f4d91bc006edc4) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.35.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index b5b60b77..14efd520 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 0b1708c9..30f6831b 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index fdb771cc..4022272f 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index ebccf3a3..ba33886b 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up php - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index e51f9065..2e12971d 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index b49dd152..e02ccb5b 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@20529878ed81ef8e78ddf08b480401e6101a850f # v2 + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 extensions: apcu From 84f92cd0ac95924de62c47bf25e0065eaebf3f76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 12:53:34 +0000 Subject: [PATCH 0522/1064] build(deps): bump actions/checkout from 4 to 5 in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codespell.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 51548e24..9104a88d 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Check spelling uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2 with: diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index 2df5173d..eddc2be1 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 14efd520..cb3eb33d 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index b1a2cd87..1551c48a 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 15248c33..ec4eec6a 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Turnstyle uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 707a4d7d..4b7fe096 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index 3db0032d..e22ca689 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index d24c75d2..650ae709 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 30f6831b..1beac885 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index 96ecef69..7d153d7b 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 4022272f..62aea81e 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up php uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 with: diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 8ddc2712..d93fd5e7 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-node@v4 with: diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index ba33886b..a35394aa 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up php uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 2e12971d..ea70f8e8 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -26,7 +26,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 - name: Set up php uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index d474d95f..4924d9bc 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 1b541dd4..ed04851a 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index e02ccb5b..93c4b572 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index fa00f9b1..364b3aae 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 9b261a78..b10fb430 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index dca81879..d8c6c6e0 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh From 681cd2cb17519abb9f5c93492a8a9453d07108a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Aug 2025 13:55:56 +0000 Subject: [PATCH 0523/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.4.3.1 to 25.04.5.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.5.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index ac8ed4b9..f86d2f61 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.4.3.1 +FROM collabora/code:25.04.5.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From bc04ee6aeae6a469976b78c26984e0d22be5500f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 05:49:58 +0000 Subject: [PATCH 0524/1064] build(deps): bump caddy in /Containers/mastercontainer Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 395fa645..19b621cb 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -3,7 +3,7 @@ FROM docker:28.3.3-cli AS docker # Caddy is a requirement -FROM caddy:2.10.0-alpine AS caddy +FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile FROM php:8.4.11-fpm-alpine3.22 From 1e579b049e2104101747e3303f4541605852da04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Aug 2025 05:55:45 +0000 Subject: [PATCH 0525/1064] build(deps): bump caddy in /Containers/apache Bumps caddy from 2.10.0-alpine to 2.10.2-alpine. --- updated-dependencies: - dependency-name: caddy dependency-version: 2.10.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 58e2ae05..d9602864 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM caddy:2.10.0-alpine AS caddy +FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile FROM httpd:2.4.65-alpine3.22 From a2394e4621c0871a9cbbb9d8b67a96dd4579f407 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 27 Aug 2025 19:22:28 +0200 Subject: [PATCH 0526/1064] clamav: set permissions for `/var/lib/clamav` correctly Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index d00e34a7..c7353629 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -4,8 +4,9 @@ FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache tzdata clamav supervisor bash; \ - mkdir -p /run/clamav /var/log/supervisord /var/run/supervisord; \ + mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ + chown -R 100:100 /var/lib/clamav; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ From 3badbf2d05754f7d6c18bc6e62a341bfac18a94c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 28 Aug 2025 15:59:37 +0200 Subject: [PATCH 0527/1064] compose.yaml: move the security_opt setting up for easier discovery Signed-off-by: Simon L. --- compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 93a6b7af..361c8a3f 100644 --- a/compose.yaml +++ b/compose.yaml @@ -12,6 +12,7 @@ services: - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - 8080:8080 - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md + # security_opt: ["label:disable"] # Is needed when using SELinux # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md @@ -35,7 +36,6 @@ services: # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' - # security_opt: ["label:disable"] # Is needed when using SELinux # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 # # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439 From e2518d93a8fe395b6a2d7d80737b9a8108c9210e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Aug 2025 04:20:22 +0000 Subject: [PATCH 0528/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.11-fpm-alpine3.22 to 8.4.12-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.12-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 19b621cb..223d2b92 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.3.3-cli AS docker FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile -FROM php:8.4.11-fpm-alpine3.22 +FROM php:8.4.12-fpm-alpine3.22 EXPOSE 80 EXPOSE 8080 From b9a840904795eafaeff2717377e4cbe327a0215c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Aug 2025 04:20:39 +0000 Subject: [PATCH 0529/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.24-fpm-alpine3.22 to 8.3.25-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.25-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index a46f649c..68902f33 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.24-fpm-alpine3.22 +FROM php:8.3.25-fpm-alpine3.22 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 2e54b15544490f6d1cd4112cd6758bcf32929e30 Mon Sep 17 00:00:00 2001 From: Lorenzo Moscati Date: Fri, 29 Aug 2025 10:16:13 +0200 Subject: [PATCH 0530/1064] Add docs how to adjust MTU size of the docker network (#6779) Signed-off-by: Lorenzo Moscati --- compose.yaml | 10 +++++++++- readme.md | 10 ++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 361c8a3f..dae365c6 100644 --- a/compose.yaml +++ b/compose.yaml @@ -7,7 +7,8 @@ services: volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'! - network_mode: bridge # add to the same network as docker run would do + network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network + # networks: ["nextcloud-aio"] ports: - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - 8080:8080 @@ -69,3 +70,10 @@ volumes: # If you want to store the data on a different drive, see https://githu # caddy_config: # caddy_data: # caddy_sites: + +# # Adjust the MTU size of the docker network. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-mtu-size-of-the-docker-network +# networks: +# nextcloud-aio: +# name: nextcloud-aio +# driver_opts: +# com.docker.network.driver.mtu: 1440 diff --git a/readme.md b/readme.md index 9321f4fb..47bb1e50 100644 --- a/readme.md +++ b/readme.md @@ -171,6 +171,7 @@ If your firewall/router has port 80 and 8443 open/forwarded and you point a doma - [How to skip the domain validation?](#how-to-skip-the-domain-validation) - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others) - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error) + - [How to adjust the MTU size of the docker network](#how-to-adjust-the-mtu-size-of-the-docker-network) - [Infrastructure](#infrastructure) - [Which CPU architectures are supported?](#which-cpu-architectures-are-supported) - [Disrecommended VPS providers](#disrecommended-vps-providers) @@ -353,6 +354,15 @@ See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue- ### What can I do to fix the internal or reserved ip-address error? If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation. +### How to adjust the MTU size of the docker network +You can adjust the MTU size of the docker network by creating it beforehand with the custom MTU: +``` +docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio +``` +When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration. + +If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details. + ## Infrastructure ### Which CPU architectures are supported? From 78bbb8a1111eeca83e05933ad1d00d7afdedcfc4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 28 Aug 2025 16:08:33 +0200 Subject: [PATCH 0531/1064] compose.yaml: add some more explanation and links to docs Signed-off-by: Simon L. --- compose.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/compose.yaml b/compose.yaml index dae365c6..e916d85a 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,8 +1,8 @@ services: nextcloud-aio-mastercontainer: - image: ghcr.io/nextcloud-releases/all-in-one:latest - init: true - restart: always + image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel + init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init + restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work @@ -11,9 +11,9 @@ services: # networks: ["nextcloud-aio"] ports: - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - - 8080:8080 + - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md - # security_opt: ["label:disable"] # Is needed when using SELinux + # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled # environment: # Is needed when using any of the options below # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md From 76be50d42d7b1aa24184e5a8fec8bbab212c25af Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 29 Aug 2025 10:52:06 +0200 Subject: [PATCH 0532/1064] increase to 11.7.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 2c9e4cd5..61eed40d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.6.0

    +

    Nextcloud AIO v11.7.0

    {# Add 2nd tab warning #} From 5f067cc03ef4b2bda838b31417722c082319b60f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 29 Aug 2025 11:00:37 +0200 Subject: [PATCH 0533/1064] clamav: fix initial freshclam update Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index c7353629..216ea1c9 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -12,14 +12,15 @@ RUN set -ex; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ - sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \ - freshclam --foreground --stdout + sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh COPY --chmod=664 supervisord.conf /supervisord.conf USER 100 +RUN set -ex; \ + freshclam --foreground --stdout VOLUME /var/lib/clamav ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] From 0f84872fbf8e2ead9c464ad8ee77e06705ea320f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 29 Aug 2025 11:21:42 +0200 Subject: [PATCH 0534/1064] fix start and update of containers after #6702 Signed-off-by: Simon L. --- php/templates/containers.twig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 61eed40d..e9b7ce7c 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -352,7 +352,9 @@
    - + {% if bypass_container_update == true %} + + {% endif %}
    {% endif %} From 1f7ccba5c8a782a0d3711516c6712f164fecb17f Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Thu, 19 Jun 2025 19:18:49 -0700 Subject: [PATCH 0535/1064] Configure WOPI requests to remain within the Docker network Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- Containers/apache/Caddyfile | 1 + php/containers.json | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index 64fb5f93..bda4c44c 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -15,6 +15,7 @@ } https://{$ADDITIONAL_TRUSTED_DOMAIN}:443, +http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} { header -Server header -X-Powered-By diff --git a/php/containers.json b/php/containers.json index c9d57466..d71c085f 100644 --- a/php/containers.json +++ b/php/containers.json @@ -379,7 +379,7 @@ ], "internal_port": "9980", "environment": [ - "aliasgroup1=https://%NC_DOMAIN%:443", + "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%", "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", "dictionaries=%COLLABORA_DICTIONARIES%", "TZ=%TIMEZONE%", @@ -389,7 +389,7 @@ "restart": "unless-stopped", "nextcloud_exec_commands": [ "echo 'Activating Collabora config...'", - "php /var/www/html/occ richdocuments:activate-config" + "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'" ], "profiles": [ "collabora" From b26b2b440028031c7aa3d1df7abe94343607982b Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Sat, 30 Aug 2025 10:24:45 -0700 Subject: [PATCH 0536/1064] Use nextcloud-aio-apache for the wopi-url This makes all the WOPI requests go through a single point making debugging easier. Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/containers.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index d71c085f..8de22b0f 100644 --- a/php/containers.json +++ b/php/containers.json @@ -389,7 +389,7 @@ "restart": "unless-stopped", "nextcloud_exec_commands": [ "echo 'Activating Collabora config...'", - "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-collabora:9980' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'" + "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'" ], "profiles": [ "collabora" From 43b04b36f5445799be8a04e04bc42600a9018fd0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Sep 2025 21:04:22 +0200 Subject: [PATCH 0537/1064] update docs with new tailscale guide Signed-off-by: Simon L. --- compose.yaml | 2 +- local-instance.md | 2 +- php/templates/containers.twig | 2 +- readme.md | 14 +++++++------- reverse-proxy.md | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/compose.yaml b/compose.yaml index e916d85a..f2026388 100644 --- a/compose.yaml +++ b/compose.yaml @@ -39,7 +39,7 @@ services: # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575 -# # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439 +# # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/6817 # # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 # caddy: diff --git a/local-instance.md b/local-instance.md index 4633bc08..1da26280 100644 --- a/local-instance.md +++ b/local-instance.md @@ -9,7 +9,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl - [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that) ## 1. Tailscale -This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 +This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 ## 2. The normal way The normal way is the following: diff --git a/php/templates/containers.twig b/php/templates/containers.twig index e9b7ce7c..50c1de88 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -118,7 +118,7 @@

    Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.

    Click here for further hints -

    If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

    +

    If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use Tailscale

    If you have a dynamic public IP-address, you can use e.g. DDclient with a compatible domain provider for DNS updates.

    If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow this documentation.

    If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.

    diff --git a/readme.md b/readme.md index 47bb1e50..4c0712aa 100644 --- a/readme.md +++ b/readme.md @@ -32,7 +32,7 @@ Included are: - A+ security in Nextcloud security scan - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel) -- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) +- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case) - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads) - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud) @@ -282,7 +282,7 @@ Only those (if you access the Mastercontainer Interface internally via port 8080 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open/forwarded in your firewall/router ### Notes on Cloudflare (proxy/tunnel) -Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible. +Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if possible. - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you. - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel. - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation @@ -300,7 +300,7 @@ Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed b Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. ### How to run Nextcloud via Tailscale? -For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 +For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 ### How to get Nextcloud running using the ACME DNS-challenge? You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. @@ -309,22 +309,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. ### Can I use an ip-address for Nextcloud instead of a domain? -No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). +No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). ### Can I run AIO offline or in an airgapped system? No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more. ### Are self-signed certificates supported for Nextcloud? -No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439). +No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). ### Can I use AIO with multiple domains? No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain. ### Are other ports than the default 443 for Nextcloud supported? -No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443. +No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443. ### Can I run Nextcloud in a subdirectory on my domain? -No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. +No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817) if you want to publish it online. ### How can I access Nextcloud locally? Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work. diff --git a/reverse-proxy.md b/reverse-proxy.md index 7ad5e97b..e07a54c8 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -4,7 +4,7 @@ > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO. > [!TIP] -> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575). +> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575). ## Introduction In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to: @@ -905,7 +905,7 @@ Add the following `web.config` file to the root of the site you created as the r click here to expand -For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439 +For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
    From e255f298188ca731e5ce1be96259a8af28581ebb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Sep 2025 20:59:02 +0000 Subject: [PATCH 0538/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.2 to 8.19.3. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index b8a39213..ff683d33 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.2 +FROM elasticsearch:8.19.3 USER root From 213388b65d3690e8c435dcd3da6a653d91028764 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 4 Sep 2025 12:16:12 +0000 Subject: [PATCH 0539/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/mastercontainer/Dockerfile | 2 +- php/composer.lock | 74 +++++++++++++-------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 223d2b92..99b199e3 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -49,7 +49,7 @@ RUN set -ex; \ apk add --no-cache --virtual .build-deps \ autoconf \ build-base; \ - pecl install APCu-5.1.26; \ + pecl install APCu-5.1.27; \ docker-php-ext-enable apcu; \ rm -r /tmp/pear; \ runDeps="$( \ diff --git a/php/composer.lock b/php/composer.lock index 578378e4..34e3534b 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -502,16 +502,16 @@ }, { "name": "php-di/invoker", - "version": "2.3.6", + "version": "2.3.7", "source": { "type": "git", "url": "https://github.com/PHP-DI/Invoker.git", - "reference": "59f15608528d8a8838d69b422a919fd6b16aa576" + "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576", - "reference": "59f15608528d8a8838d69b422a919fd6b16aa576", + "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/3c1ddfdef181431fbc4be83378f6d036d59e81e1", + "reference": "3c1ddfdef181431fbc4be83378f6d036d59e81e1", "shasum": "" }, "require": { @@ -521,7 +521,7 @@ "require-dev": { "athletic/athletic": "~0.1.8", "mnapoli/hard-mode": "~0.3.0", - "phpunit/phpunit": "^9.0" + "phpunit/phpunit": "^9.0 || ^10 || ^11 || ^12" }, "type": "library", "autoload": { @@ -545,7 +545,7 @@ ], "support": { "issues": "https://github.com/PHP-DI/Invoker/issues", - "source": "https://github.com/PHP-DI/Invoker/tree/2.3.6" + "source": "https://github.com/PHP-DI/Invoker/tree/2.3.7" }, "funding": [ { @@ -553,7 +553,7 @@ "type": "github" } ], - "time": "2025-01-17T12:49:27+00:00" + "time": "2025-08-30T10:22:22+00:00" }, { "name": "php-di/php-di", @@ -1727,16 +1727,16 @@ "packages-dev": [ { "name": "amphp/amp", - "version": "v3.1.0", + "version": "v3.1.1", "source": { "type": "git", "url": "https://github.com/amphp/amp.git", - "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9" + "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/amp/zipball/7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9", - "reference": "7cf7fef3d667bfe4b2560bc87e67d5387a7bcde9", + "url": "https://api.github.com/repos/amphp/amp/zipball/fa0ab33a6f47a82929c38d03ca47ebb71086a93f", + "reference": "fa0ab33a6f47a82929c38d03ca47ebb71086a93f", "shasum": "" }, "require": { @@ -1796,7 +1796,7 @@ ], "support": { "issues": "https://github.com/amphp/amp/issues", - "source": "https://github.com/amphp/amp/tree/v3.1.0" + "source": "https://github.com/amphp/amp/tree/v3.1.1" }, "funding": [ { @@ -1804,7 +1804,7 @@ "type": "github" } ], - "time": "2025-01-26T16:07:39+00:00" + "time": "2025-08-27T21:42:00+00:00" }, { "name": "amphp/byte-stream", @@ -2037,16 +2037,16 @@ }, { "name": "amphp/parallel", - "version": "v2.3.1", + "version": "v2.3.2", "source": { "type": "git", "url": "https://github.com/amphp/parallel.git", - "reference": "5113111de02796a782f5d90767455e7391cca190" + "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/parallel/zipball/5113111de02796a782f5d90767455e7391cca190", - "reference": "5113111de02796a782f5d90767455e7391cca190", + "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce", + "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce", "shasum": "" }, "require": { @@ -2109,7 +2109,7 @@ ], "support": { "issues": "https://github.com/amphp/parallel/issues", - "source": "https://github.com/amphp/parallel/tree/v2.3.1" + "source": "https://github.com/amphp/parallel/tree/v2.3.2" }, "funding": [ { @@ -2117,7 +2117,7 @@ "type": "github" } ], - "time": "2024-12-21T01:56:09+00:00" + "time": "2025-08-27T21:55:40+00:00" }, { "name": "amphp/parser", @@ -3571,16 +3571,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.2.0", + "version": "2.3.0", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8" + "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/b9e61a61e39e02dd90944e9115241c7f7e76bfd8", - "reference": "b9e61a61e39e02dd90944e9115241c7f7e76bfd8", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495", + "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495", "shasum": "" }, "require": { @@ -3612,9 +3612,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.2.0" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0" }, - "time": "2025-07-13T07:04:09+00:00" + "time": "2025-08-30T15:50:23+00:00" }, { "name": "revolt/event-loop", @@ -3883,16 +3883,16 @@ }, { "name": "symfony/console", - "version": "v6.4.24", + "version": "v6.4.25", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350" + "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350", - "reference": "59266a5bf6a596e3e0844fd95e6ad7ea3c1d3350", + "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae", + "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae", "shasum": "" }, "require": { @@ -3957,7 +3957,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.24" + "source": "https://github.com/symfony/console/tree/v6.4.25" }, "funding": [ { @@ -3977,7 +3977,7 @@ "type": "tidelift" } ], - "time": "2025-07-30T10:38:54+00:00" + "time": "2025-08-22T10:21:53+00:00" }, { "name": "symfony/filesystem", @@ -4449,16 +4449,16 @@ }, { "name": "symfony/string", - "version": "v7.3.2", + "version": "v7.3.3", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca" + "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/42f505aff654e62ac7ac2ce21033818297ca89ca", - "reference": "42f505aff654e62ac7ac2ce21033818297ca89ca", + "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c", + "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c", "shasum": "" }, "require": { @@ -4516,7 +4516,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.3.2" + "source": "https://github.com/symfony/string/tree/v7.3.3" }, "funding": [ { @@ -4536,7 +4536,7 @@ "type": "tidelift" } ], - "time": "2025-07-10T08:47:49+00:00" + "time": "2025-08-25T06:35:40+00:00" }, { "name": "vimeo/psalm", From b65ee977027c25f6fae875e5cd44a27bd9945c5b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 4 Sep 2025 12:18:45 +0000 Subject: [PATCH 0540/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 68902f33..554a101b 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install -o igbinary-3.2.16; \ - pecl install APCu-5.1.26; \ + pecl install APCu-5.1.27; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ pecl install -o imagick-3.8.0; \ From 8d5726af7c7d8428b3e6217f7b0f057f250349ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 14:18:48 +0000 Subject: [PATCH 0541/1064] build(deps): bump actions/setup-node from 4 to 5 in /.github/workflows Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/playwright.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 8ddc2712..2f2a4363 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version: lts/* From 5f4fae140acedf2099b076b3c659abfe8cc3ae70 Mon Sep 17 00:00:00 2001 From: Alan Savage Date: Thu, 4 Sep 2025 08:57:40 -0700 Subject: [PATCH 0542/1064] Make APACHE_HOST an optional param in apache/Caddyfile Co-authored-by: Simon L. Signed-off-by: Alan Savage --- Containers/apache/Caddyfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index bda4c44c..9b5362b1 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -15,7 +15,7 @@ } https://{$ADDITIONAL_TRUSTED_DOMAIN}:443, -http://${APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback +http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} { header -Server header -X-Powered-By From bccdb62e80b970da327d043cd7335e8e11751c3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 04:21:14 +0000 Subject: [PATCH 0543/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.3.3-cli to 28.4.0-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.4.0-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 223d2b92..a4b93ad8 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.3.3-cli AS docker +FROM docker:28.4.0-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From f5dfa3193c6168214c9e0ce4b9046cbfce1993de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Sep 2025 04:21:52 +0000 Subject: [PATCH 0544/1064] build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from v1.11.7 to 1.11.8. - [Release notes](https://github.com/nicholas-fedor/watchtower/releases) - [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.7...v1.11.8) --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: 1.11.8 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index aabb1978..82472ec7 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:v1.11.7 AS watchtower +FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower FROM alpine:3.22.1 From 1e9afb833ce344fdf79b9abe9b5ebed04f5379b8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 5 Sep 2025 12:12:33 +0200 Subject: [PATCH 0545/1064] fix update-helm script detail Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index d3a84a9c..80882854 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup # Additional config # shellcheck disable=SC1083 -sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml +sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml cp sample.conf /tmp/ sed -i 's|^|export |' /tmp/sample.conf # shellcheck disable=SC1091 From d50e1d2dfcc1f22685371997c06e7c65427b5431 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 5 Sep 2025 10:14:26 +0000 Subject: [PATCH 0546/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 +++- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 21 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index ac1e2abb..e406a494 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.6.0 +version: 11.7.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 0ad86edc..7a103567 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index e34de43f..c3e022fa 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 830a9a9f..f49da097 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617 readinessProbe: exec: command: @@ -61,5 +61,7 @@ spec: add: - MKNOD - CAP_SYS_ADMIN + - SYS_CHROOT + - FOWNER - CHOWN {{- end }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index c550779f..5edd6701 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 79c5b8f0..663e3438 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 206ac177..61ad3e5c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 84e79629..6d93dd7d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index fda97c0e..eabd0372 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 0ceebe1f..e94a1a93 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index f12da040..8cb961ed 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 2432c09f..d3b8ee2a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 49401e8a..d54a6376 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 14c42eb8..9729c473 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250822_112758 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617 readinessProbe: exec: command: From ca0e7980b3b5732d82320d05debc956c1025e92c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 5 Sep 2025 12:57:57 +0200 Subject: [PATCH 0547/1064] increase to 11.8.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 50c1de88..e686e3a8 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.7.0

    +

    Nextcloud AIO v11.8.0

    {# Add 2nd tab warning #} From d2e944f7dc0ae461497bd385ec233e1012dddabd Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Fri, 5 Sep 2025 06:18:18 -0700 Subject: [PATCH 0548/1064] Use a fixed port for internal WOPI requests and callbacks This fixes the issue where Caddy fails to start when APACHE_PORT was 443. Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- Containers/apache/Caddyfile | 2 +- php/containers.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index 9b5362b1..4b92d807 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -15,7 +15,7 @@ } https://{$ADDITIONAL_TRUSTED_DOMAIN}:443, -http://{$APACHE_HOST}:{$APACHE_PORT}, # For Collabora callback +http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} { header -Server header -X-Powered-By diff --git a/php/containers.json b/php/containers.json index 998adc5e..4506c09e 100644 --- a/php/containers.json +++ b/php/containers.json @@ -379,7 +379,7 @@ ], "internal_port": "9980", "environment": [ - "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:%APACHE_PORT%", + "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973", "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+", "dictionaries=%COLLABORA_DICTIONARIES%", "TZ=%TIMEZONE%", @@ -389,7 +389,7 @@ "restart": "unless-stopped", "nextcloud_exec_commands": [ "echo 'Activating Collabora config...'", - "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:%APACHE_PORT%' --callback-url='http://nextcloud-aio-apache:%APACHE_PORT%'" + "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'" ], "profiles": [ "collabora" From f37d857b7b29c785edc2063117f7d64dd2996bb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 04:30:50 +0000 Subject: [PATCH 0549/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.1-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 3b70e229..afeb69a4 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.0-alpine3.22 AS go +FROM golang:1.25.1-alpine3.22 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From bb342bc64ac6d7ff0dddd8594ba253d3268c25a4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Sep 2025 11:10:02 +0200 Subject: [PATCH 0550/1064] facerecognition-cc: update json to use actual secret for api key Signed-off-by: Simon L. --- community-containers/facerecognition/facerecognition.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/community-containers/facerecognition/facerecognition.json b/community-containers/facerecognition/facerecognition.json index 4078bada..d97d5c08 100644 --- a/community-containers/facerecognition/facerecognition.json +++ b/community-containers/facerecognition/facerecognition.json @@ -10,18 +10,21 @@ "restart": "unless-stopped", "environment": [ "TZ=%TIMEZONE%", - "API_KEY=some-super-secret-api-key", + "API_KEY=%FACERECOGNITION_API_KEY%", "FACE_MODEL=3" ], "aio_variables": [ "nextcloud_memory_limit=2048M" ], + "secrets": [ + "FACERECOGNITION_API_KEY" + ], "enable_nvidia_gpu": false, "nextcloud_exec_commands": [ "php /var/www/html/occ app:install facerecognition", "php /var/www/html/occ app:enable facerecognition", "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000", - "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key", + "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value %FACERECOGNITION_API_KEY%", "php /var/www/html/occ face:setup -m 5", "php /var/www/html/occ face:setup -M 1G", "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000", From 6648cfbd65a98225aa1171c90c2a14bdfd45ab56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 12:35:20 +0000 Subject: [PATCH 0551/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 2.4.0 to 3.0.0. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/807f6009e7cee5c2c9faa41ccef03a8bb24b06ab...bff843227669a0c34c7f791ebd53a4b7c2a3febd) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 15248c33..ce40e195 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Turnstyle - uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2 + uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2 with: continue-after-seconds: 180 env: From ee2f1fa262ca9014da31c88ca1dfa313c8789259 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 9 Sep 2025 20:46:40 +0200 Subject: [PATCH 0552/1064] aio-interface setup page: fall back to system fonts if monospace does not exist Signed-off-by: Simon L. --- php/public/style.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/public/style.css b/php/public/style.css index 107463b5..e3b24700 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -220,7 +220,7 @@ svg:not(:has(use)) .fallback-text { } .login > .monospace { - font-family: monospace; + font-family: monospace, monospace, system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji'; font-size: 17px; } From 29c093afaec391e8eee896222aa733b9a7a9c9ae Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Tue, 9 Sep 2025 14:44:23 -0700 Subject: [PATCH 0553/1064] Make secrets global and init on first use. This allows all containers to use any secret declared anywhere in their placeholders but they will not be generated and written to the configuration until they are used. Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/src/Container/Container.php | 6 ------ php/src/ContainerDefinitionFetcher.php | 8 +++++--- php/src/Data/ConfigurationManager.php | 14 +++++++++----- php/src/Docker/DockerActionManager.php | 14 +------------- 4 files changed, 15 insertions(+), 27 deletions(-) diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php index 77858283..baee1c00 100644 --- a/php/src/Container/Container.php +++ b/php/src/Container/Container.php @@ -19,8 +19,6 @@ readonly class Container { private ContainerEnvironmentVariables $containerEnvironmentVariables, /** @var string[] */ private array $dependsOn, - /** @var string[] */ - private array $secrets, private string $uiSecret, /** @var string[] */ private array $devices, @@ -82,10 +80,6 @@ readonly class Container { return $this->maxShutdownTime; } - public function GetSecrets() : array { - return $this->secrets; - } - public function GetUiSecret() : string { return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret); } diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 6809650c..a404e3a3 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -239,9 +239,12 @@ readonly class ContainerDefinitionFetcher { $internalPort = $entry['internal_port']; } - $secrets = []; if (isset($entry['secrets'])) { - $secrets = $entry['secrets']; + // All secrets are registered with the configuration when they + // are discovered so they can be later generated at time-of-use. + foreach ($entry['secrets'] as $secret) { + $this->configurationManager->RegisterSecret($secret); + } } $uiSecret = ''; @@ -320,7 +323,6 @@ readonly class ContainerDefinitionFetcher { $volumes, $variables, $dependsOn, - $secrets, $uiSecret, $devices, $enableNvidiaGpu, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 257e69d0..ceae13d0 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -7,6 +7,8 @@ use AIO\Controller\DockerController; class ConfigurationManager { + private array $secrets = []; + public function GetConfig() : array { if(file_exists(DataConst::GetConfigFile())) @@ -50,13 +52,15 @@ class ConfigurationManager return $config['secrets'][$secretId]; } - public function GetSecret(string $secretId) : string { - $config = $this->GetConfig(); - if(!isset($config['secrets'][$secretId])) { - $config['secrets'][$secretId] = ""; + public function GetRegisteredSecret(string $secretId) : string { + if ($this->secrets[$secretId]) { + return $this->GetAndGenerateSecret($secretId); } + throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json."); + } - return $config['secrets'][$secretId]; + public function RegisterSecret(string $secretId) : void { + $this->secrets[$secretId] = true; } private function DoubleSafeBackupSecret(string $borgBackupPassword) : void { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index f6ffbdc3..d46bc5c9 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -221,10 +221,6 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Binds'] = $volumes; } - foreach ($container->GetSecrets() as $secret) { - $this->configurationManager->GetAndGenerateSecret($secret); - } - $aioVariables = $container->GetAioVariables()->GetVariables(); foreach ($aioVariables as $variable) { $config = $this->configurationManager->GetConfig(); @@ -566,18 +562,10 @@ readonly class DockerActionManager { // Allow to get local ip-address of caddy container and add it to trusted proxies automatically 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '', - default => $this->getSecretOrThrow($placeholder), + default => $this->configurationManager->GetRegisteredSecret($placeholder), }; } - private function getSecretOrThrow(string $secretName): string { - $secret = $this->configurationManager->GetSecret($secretName); - if ($secret === "") { - throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json."); - } - return $secret; - } - private function isContainerUpdateAvailable(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); From f87bd7ae450785e909ccbe65f2b2b55d24a4d600 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 04:21:22 +0000 Subject: [PATCH 0554/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.8-scratch to 2.11.9-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.9-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index abe8dd7a..88a9cd1e 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.8-scratch AS nats +FROM nats:2.11.9-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.1 AS janus From 0b30904c91f4ed06acd1bb8573465e30957e236f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Sep 2025 04:22:25 +0000 Subject: [PATCH 0555/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.5.1.1 to 25.04.5.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.5.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index f86d2f61..6438a186 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.5.1.1 +FROM collabora/code:25.04.5.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 3c8b6a0f3f7e670ab2ab0221925ffdb1b6e1d143 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 11 Sep 2025 12:03:40 +0000 Subject: [PATCH 0556/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 236ab444..83bc1ef1 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -255,7 +255,7 @@ services: expose: - "9980" environment: - - aliasgroup1=https://${NC_DOMAIN}:443 + - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973 - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} From b95ff056e0cfd6448f0f2151640beb6c7b3a043f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 11 Sep 2025 16:18:32 +0200 Subject: [PATCH 0557/1064] nextcloud-entrypoint: adjust some details Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index ca28f684..fc047105 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -198,7 +198,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then echo "Initializing nextcloud $image_version ..." rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/ - for dir in config data custom_apps themes; do + # Copy custom_apps from Nextcloud archive + if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then + set -x + for app in "$SOURCE_LOCATION/custom_apps"/*; do + app_id="$(basename "$app")" + mkdir -p "/var/www/html/custom_apps/$app_id" + rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/ + done + set +x + fi + + # Copy over initial data from Nextcloud archive + for dir in config data themes; do if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ fi @@ -356,7 +368,7 @@ DATADIR_PERMISSION_CONF read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS" for app in "${STARTUP_APPS_ARRAY[@]}"; do if ! echo "$app" | grep -q '^-'; then - if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then + if [ -z "$(find /var/www/html/apps /var/www/html/custom_apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then # If not shipped, install and enable the app php /var/www/html/occ app:install "$app" else From 1e77ea27f0aea39f4795459b4ab55e8bd1768641 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 Sep 2025 04:19:40 +0000 Subject: [PATCH 0558/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.1.3 to v1.2.0. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.2.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 02e9344f..43f1ad90 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.1.3 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0 USER root RUN set -ex; \ From 29ff04f5e6c21ba85b36e83f7c196fe09cfe2cd3 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 12 Sep 2025 08:36:44 +0000 Subject: [PATCH 0559/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 554a101b..1955ab2f 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.8 +ENV NEXTCLOUD_VERSION=31.0.9 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 7b23b48cf866294fac3db8a06f863c2af0dceba3 Mon Sep 17 00:00:00 2001 From: Benjamin Brahmer Date: Fri, 5 Sep 2025 12:11:54 +0200 Subject: [PATCH 0560/1064] feat: add community container nextcloud-exporter - allows monitoring your nextcloud with prometheus - listens on localhost only, but caddy integration is available - You can create a Dashboard in Grafana to visualize the collected data Signed-off-by: Benjamin Brahmer Co-Authored-By: Simon L. --- community-containers/caddy/caddy.json | 6 +- community-containers/caddy/readme.md | 3 +- .../nextcloud-exporter.json | 35 +++++++++ .../nextcloud-exporter/readme.md | 72 +++++++++++++++++++ php/containers-schema.json | 2 +- 5 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 community-containers/nextcloud-exporter/nextcloud-exporter.json create mode 100644 community-containers/nextcloud-exporter/readme.md diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json index d5f72cb8..0e78175d 100644 --- a/community-containers/caddy/caddy.json +++ b/community-containers/caddy/caddy.json @@ -23,7 +23,8 @@ "environment": [ "TZ=%TIMEZONE%", "NC_DOMAIN=%NC_DOMAIN%", - "APACHE_PORT=%APACHE_PORT%" + "APACHE_PORT=%APACHE_PORT%", + "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%" ], "volumes": [ { @@ -37,6 +38,9 @@ "writeable": false } ], + "secrets": [ + "NEXTCLOUD_EXPORTER_CADDY_PASSWORD" + ], "aio_variables": [ "apache_ip_binding=@INTERNAL", "apache_port=11000" diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index f9b5a020..56984d59 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,5 +1,5 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! @@ -10,6 +10,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap. - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb. - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr. +- If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json new file mode 100644 index 00000000..f9159a36 --- /dev/null +++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json @@ -0,0 +1,35 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-nextcloud-exporter", + "display_name": "Prometheus Nextcloud Exporter", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter", + "image": "ghcr.io/xperimental/nextcloud-exporter", + "image_tag": "0.8.0", + "internal_port": "9205", + "restart": "unless-stopped", + "ports": [ + { + "ip_binding": "127.0.0.1", + "port_number": "9205", + "protocol": "tcp" + } + ], + "environment": [ + "TZ=%TIMEZONE%", + "NEXTCLOUD_SERVER=https://%NC_DOMAIN%", + "NEXTCLOUD_AUTH_TOKEN=%NEXTCLOUD_EXPORTER_TOKEN%", + "NEXTCLOUD_LISTEN_ADDRESS=0.0.0.0:9205", + "NEXTCLOUD_TIMEOUT=5s" + ], + "ui_secret": "NEXTCLOUD_EXPORTER_CADDY_PASSWORD", + "secrets": [ + "NEXTCLOUD_EXPORTER_TOKEN", + "NEXTCLOUD_EXPORTER_CADDY_PASSWORD" + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ config:app:set serverinfo token --value %NEXTCLOUD_EXPORTER_TOKEN%" + ] + } + ] +} diff --git a/community-containers/nextcloud-exporter/readme.md b/community-containers/nextcloud-exporter/readme.md new file mode 100644 index 00000000..3efa6257 --- /dev/null +++ b/community-containers/nextcloud-exporter/readme.md @@ -0,0 +1,72 @@ +## Prometheus Nextcloud Exporter + +A Prometheus exporter that collects metrics from your Nextcloud instance for monitoring and alerting. + +### How to install + +See the [Community Containers documentation](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) for instructions on how to install this in your Nextcloud All-in-One setup. + +### Security & Access + +**Important:** This container is configured to bind only to `127.0.0.1` (localhost) for security reasons. Prometheus exporters typically don't include authentication, so direct network exposure is not recommended. + +#### Access Options + +1. **With Caddy Container (Recommended)**: If you also install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), it will automatically configure secure HTTPS access to your metrics with authentication at `metrics.your-domain.com` + + **Getting Authentication Credentials**: + - **Username**: Always `metrics` + - **Password**: After deploying the nextcloud-exporter container, the automatically generated password will be displayed in the AIO interface. Look for it in the container section below the container name "Prometheus Nextcloud Exporter". + +2. **Custom Reverse Proxy**: Set up your own reverse proxy (nginx, Apache, etc.) to provide HTTPS and authentication. See configuration guides: + - [NGINX Authentication](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) + [Reverse Proxy](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) + - [Apache Authentication](https://httpd.apache.org/docs/2.4/howto/auth.html) + [Reverse Proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) + - [Traefik BasicAuth](https://doc.traefik.io/traefik/middlewares/http/basicauth/) + - [Prometheus Security Best Practices](https://prometheus.io/docs/operating/security/) + +3. **Direct Local Access**: Access metrics directly from the server at `http://127.0.0.1:9205/metrics` (no authentication) + +### What it monitors +- User activity (active users hourly, daily) +- File counts and storage usage +- System health and database size +- App statistics and update availability +- Nextcloud performance metrics + +### Prometheus Configuration + +For **local server access** (if Prometheus runs on the same server): +```yaml +scrape_configs: + - job_name: 'nextcloud' + scrape_interval: 90s + static_configs: + - targets: ['127.0.0.1:9205'] + metrics_path: /metrics + scheme: http +``` + +For **Caddy integration** (secure external access): +```yaml +scrape_configs: + - job_name: 'nextcloud' + scrape_interval: 90s + static_configs: + - targets: ['metrics.your-domain.com'] + metrics_path: / + scheme: https + basic_auth: + username: 'metrics' + password: 'your-generated-password' +``` + +### Visualization + +Compatible with Grafana for creating monitoring dashboards: +- Pre-built dashboard available: [Grafana Dashboard #20716](https://grafana.com/grafana/dashboards/20716-nextcloud/) + +### Repository +https://github.com/xperimental/nextcloud-exporter + +### Maintainer +https://github.com/grotax diff --git a/php/containers-schema.json b/php/containers-schema.json index cd746ebf..5ed57e34 100644 --- a/php/containers-schema.json +++ b/php/containers-schema.json @@ -81,7 +81,7 @@ "properties": { "ip_binding": { "type": "string", - "pattern": "^(%[A-Z_]+%)?$" + "pattern": "^((%[A-Z_]+%)|127\\.0\\.0\\.1)?$" }, "port_number": { "type": "string", From 2ec1a7173b379706fafaaa119e91eae31d68a976 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 12 Sep 2025 12:48:45 +0200 Subject: [PATCH 0561/1064] fix detail with initializing Nextcloud Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index fc047105..25d549e0 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -210,7 +210,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then fi # Copy over initial data from Nextcloud archive - for dir in config data themes; do + for dir in config data custom_apps themes; do if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ fi From 150ed0840a288fdb8d03b57678cd9a46a6b9c93e Mon Sep 17 00:00:00 2001 From: Verhoeckx <64807887+Verhoeckx@users.noreply.github.com> Date: Fri, 12 Sep 2025 14:48:56 +0200 Subject: [PATCH 0562/1064] Added the section Removing the reverse proxy. (#6854) * Added the section Removing the reverse proxy. Signed-off-by: Verhoeckx Co-authored-by: Simon L. --- reverse-proxy.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index e07a54c8..68d56e6c 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1048,3 +1048,22 @@ If something does not work, follow the steps below: 1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance. 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything! + +## 8. Removing the reverse proxy +If you, at some point, want to remove the reverse proxy, here are some general steps: +1. Stop all running containers in the AIO Interface. +2. Stop and remove the mastercontainer. + ``` + sudo docker stop nextcloud-aio-mastercontainer + sudo docker rm nextcloud-aio-mastercontainer + ``` +3. Remove the software and configuration file that you used for the reverse proxy (see section 1). +4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options: + ``` + --env APACHE_IP_BINDING=0.0.0.0 \ + --env APACHE_PORT=443 \ + ``` + Do this *before* the last line of the run command! + + *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.* +5. Restart all other containers in the AIO interface. From c241ff57fb1e7e00ddea44ae76fff63dc5207388 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Sep 2025 10:49:57 +0200 Subject: [PATCH 0563/1064] adjust traefik docs Signed-off-by: Simon L. --- reverse-proxy.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 785e9ace..fa4ea563 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -678,6 +678,9 @@ The examples below define the dynamic configuration in YAML files. If you rather entryPoints: https: address: ":443" # Create an entrypoint called "https" that uses port 443 + transport: + respondingTimeouts: + readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) # If you want to enable HTTP/3 support, uncomment the line below # http3: {} @@ -765,9 +768,9 @@ The examples below define the dynamic configuration in YAML files. If you rather entryPoints: https: address: ":443" # Create an entrypoint called "https" that uses port 443 - transport: - respondingTimeouts: - readTimeout: 30m # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) + transport: + respondingTimeouts: + readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) # If you want to enable HTTP/3 support, uncomment the line below # http3: {} From c6911a228d294522cff0da4cc70d4ec65a164076 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Sep 2025 11:27:32 +0200 Subject: [PATCH 0564/1064] add LanguageTool for Collabora community container Signed-off-by: Simon L. --- .../languagetool/languagetool.json | 16 ++++++++++++++++ community-containers/languagetool/readme.md | 13 +++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 community-containers/languagetool/languagetool.json create mode 100644 community-containers/languagetool/readme.md diff --git a/community-containers/languagetool/languagetool.json b/community-containers/languagetool/languagetool.json new file mode 100644 index 00000000..03eb6b39 --- /dev/null +++ b/community-containers/languagetool/languagetool.json @@ -0,0 +1,16 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-languagetool", + "display_name": "LanguageTool for Collabora", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/languagetool", + "image": "erikvl87/languagetool", + "image_tag": "latest", + "internal_port": "8010", + "restart": "unless-stopped", + "environment": [ + "TZ=%TIMEZONE%" + ] + } + ] +} diff --git a/community-containers/languagetool/readme.md b/community-containers/languagetool/readme.md new file mode 100644 index 00000000..4c2ca98c --- /dev/null +++ b/community-containers/languagetool/readme.md @@ -0,0 +1,13 @@ +## LanguageTool for Collabora +This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora. + +### Notes +- Make sure to have collabora enabled via the AIO interface +- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`. +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/Erikvl87/docker-languagetool + +### Maintainer +https://github.com/szaimen From fae93b685b6fda4ec3b8a7c3d0d82ad6fa838ce0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Sep 2025 12:10:15 +0200 Subject: [PATCH 0565/1064] update AIO interface to allow to install the latest hub version Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- php/templates/containers.twig | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 8c45e5a6..678bbdc9 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -177,7 +177,7 @@ readonly class DockerController { } if (isset($request->getParsedBody()['install_latest_major'])) { - $installLatestMajor = 31; + $installLatestMajor = 32; } else { $installLatestMajor = ""; } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index e686e3a8..f0a72883 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -36,7 +36,7 @@ {% set isBackupOrRestoreRunning = false %} {% set isApacheStarting = false %} {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #} - {% set newMajorVersion = '' %} + {% set newMajorVersionString = '25 Autumn' %} {% if is_backup_container_running == true %} {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %} @@ -290,10 +290,10 @@ {% else %} {% if is_mastercontainer_update_available == false %}

    Your containers are up-to-date.

    - {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %} + {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
    - Note about Nextcloud Hub {{ newMajorVersion - 21 }} -

    If you haven't upgraded to Nextcloud Hub {{ newMajorVersion - 21 }} yet and want to do that now, feel free to follow this documentation

    + Note about Nextcloud Hub {{ newMajorVersionString }} +

    If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow this documentation

    {% endif %} {% endif %} @@ -337,8 +337,8 @@
    - {% if newMajorVersion != '' %} -
    + {% if newMajorVersionString != '' %} +
    {% endif %}
    From c694177e277ea4ec1379c0cf779f4b3254fabb95 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Sep 2025 13:32:20 +0200 Subject: [PATCH 0566/1064] aio-interface: add new background for hub 25 Autumn Signed-off-by: Simon L. --- php/public/img/jenna-kim-the-globe-dark.webp | Bin 180762 -> 0 bytes php/public/img/jenna-kim-the-globe.webp | Bin 98876 -> 0 bytes php/public/img/jo-myoung-hee-fluid-dark.webp | Bin 0 -> 97010 bytes php/public/img/jo-myoung-hee-fluid.webp | Bin 0 -> 101012 bytes php/public/style.css | 4 ++-- php/templates/layout.twig | 2 +- 6 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 php/public/img/jenna-kim-the-globe-dark.webp delete mode 100644 php/public/img/jenna-kim-the-globe.webp create mode 100644 php/public/img/jo-myoung-hee-fluid-dark.webp create mode 100644 php/public/img/jo-myoung-hee-fluid.webp diff --git a/php/public/img/jenna-kim-the-globe-dark.webp b/php/public/img/jenna-kim-the-globe-dark.webp deleted file mode 100644 index bd3b0dafa2cda761110a7f8e1827f57d94b14bf3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 180762 zcmeFYbxx^ZaS-Q5~@hsNC<8h3Yhhdup$GqZam?wyJG zZN%>UF%fl6RTOn9voiC|=gG`MSw>P4tp^N5Lqhbk`e$xUI1msJ6yWCr3B(QtL7r1GWvqjqCs4_1LI7 zj{10v{ui4f1m*jV(7$h;CQ}*z;=+G*ga0_s6g%eqI{2@*WU98!{}A*K2Z%cVwUzWs zUHkv_z5lt`JnMgdu742sZzo4lH!lB6=K#fy{&&Uxxt^zw??03Me_Q;YX}072e(=BB z|61UGE%3h<_#bP5kJB5%|4$*-Gy3b(e}K*ZgaalQx8DB~Z1~SW@}C3QKS~J>{b#uL zLc98Z&Uy4{zx_MRr3%yicaW=d^y|Om7XRTSCbhQxe+qPepX?;Knv45y(hfzbj!(EB4`|KH9eL-HT|Cu;q_`BSIMdEfuTYsm;i|0H%VMh&+AQOFA! z`+rS^{!7yGzZd)~3+VIOsSh3qX7B`|Y+r2=;%+R?IcRN|IDGfSPG6{g3tn9P;W4}~ zxG-sRhcLip;)*p|)ImLBO+RAJ$3Jy#)w|{D$SpYF4h5`Bh`%;~flM8tWP;LyAlt(T z62b+DqACyRt}^&+yX!OxrTKr{^nEA<2z^j>v>d&BGPJ(k_*lDm+UG4k<| zaJArFwefY02l;X1_2cY?@4R(L$mYZNRsU9K#oPBe`{TghyY=H{?&aiN)Wi1U>9p<{ z`nBq{GyCK5z3U_NgY1)@Tj%4acc*v!kA-vOF6fUByQ?>?s8azCniI){Z4ZsA|UpP`@Zc$Z~vwLc5Bx|>YGUl0;JJ8W&bM#Jeh zK6Ux%Q@~+Rf6fsNgu|e^wF`}JTB@_#@_~a^F@Ct%loey0Fz6li`*;$2ue6&zPP~3x#~CYD7QoL=Vku6M{^J<0<8Y+%m%c+*s^QW8saC^74$V&;1l~^C2q~ZF1;EH2 zm!l91_j30)SkBa4qfD_U!JvFnK{~~k;;xJ)-EIj)uZu`!1quy95rw#9wm0bZhk}0$ z^ee3v2T3TCa5LU}P3`z7=vpmnEf4tg>EY5hNI@xFK1{ym&qM#E69TlYLO1o#j9y76 z2sjillrS%1w;IdoIYOX*Q8jPK&K25?d1<0pf#F#6h_ik0IgCL#pYuNff6K)zYy$e{ z9${-}n3}}GYS9gb2#d4FHMAINc0^LIE04myU=SP!XITdsySG4{3_*Cf?`KhHP*A^GyQ4#X$U8I93U+ zdfipH)e~!Q z?a9x~oI*YZe@S|I__KTAGc+*;TSDf12Zqca!$0j~9o6`pm8nsk2d+UE30ACnb8`u5JrRp&AiO4HPJIfi;hGckX-Tk~b*w3* znVk{rp6*vF3@0xfYX*ZVDFULrb2KNc_%QB8Ki6f2i+%!QUc2#^c2u)c8(4arLO|}P z6nsdCSB2&xaNnTGnEj<>r6(lYbm(S>2vQ`fR|oL^KXIOSrg@2p@iYn8#1*Fxc1ARg z%G0pfG-+iKD0C|UKUN(;C8o8JfbFgtuJN9sRI}A}SAo2fXJawK`wCh7IY*Mx6X-5} zo?kXgb!Ov0hc3=RP=mo4AUPD9zZXBWX~g>95mPwlB@93FM%P_>AA@BQ5K7Jw?n8d z<4JE-!oh>t(eY?a$RfRB_j8}q-9A)XFTl8Pkp2gYX!z3&WiUrQpTb{@IJfKv9t@^h zq&o+;o8!?;348m?!}S#*T#hV0Yp5A(Eg&+%+3YwF4*lf}Lz5O~sgjth{pS>mco{ME z=V13S_IGoXYGF@+p^x2wi|IBDX_g57O{OZj>R@bX+(8#H{>)ZAJ1{VhQ2e^j_Q57Bg?mbm<8!NgnFyXKJPSWvL-)k%e8_;;y zg?5^EGY~$h_V-++8qT{U530eZ<{xD*^rd|bX6MuBPI^SmQZ;=82x%*}!#F3x%@Hju zM%bfVGzZ(=9xpWyhf-`9cBydlwoBK+c+CCfH#?cf;eN_Q_5aY0qzahT?u`GWHCvJF zD0_kxPMaGp3}Y^HOr?_n$^tbbY0&+b%aTC$5J!DSlN({dqIg;WDtsw7#B$;gSi)}6 zH}`nIwMA!5?R0hDsGAp?N75Gh(ni!LArg>e=T*ZK?E=wp_G}n|S2Hx6g|ps!G-6j+ zkBv@mFvUNx3QXqSGYm@q2AUYuO0BSe!fT9qaW_V>nx&m*b;^O}c%@zKK?f$8=qKoD z#Bv(Ne%G=Dl;;^B#r`BJ@RX>TK!l~&Ypn}#nY#?Yw`J}xs1#+oJa4)7U*E&h{^2n+VSsv3WKtcQUgr( zG_{n$jG6oqb43c7ywS_3U7sY*NV<`hIX~YcHcDdjEH{Dm#6inBFE`y)$V#}b2~I_5 zl0BDV@F#Cs_5eO-2^vS1*hCE7uBzECK4QP}vXPYX1tQy@PjIdCyWV&c@w;L=yxsYi!4^$&zPj4C$lu4QKuGi1^saMiP6d)1N~Yj2 z{?gK;VHf0X^F{g_wQ;XS=cZw~H)#YNz0?(u-%C&5LxTkANQqm&lDrT9{Dec*Y{cyx ze+T!PQw7*Zuu<42OvxFRCoZU~V8LOxT(`UghH3xlSdFJZ^&J7GHE%qd-S$xADLxoE z?A6X-Occ%T(k!He+`(UzXN`Wbegzm&Ue#mirGEm=5#1=@^~R}ozjxbRj^wb7dv!Vf zdr681(n!7yqUO-_2Bw#!G|1HlWWl&SeJ-q+wwW4HKRN?j;U&A|QWu=0L8Unco#z<^3BucV}pj;(`pjv$jf;B!DtA1 zURDniXP=xOgl(=sO{@NVMH2xj07;c35&};|o699xOX~IL2Hk3_ERISXH~wV6N;NTs zIz?4HF(2#giRpR!CNcQg45e(QpZq)VcN7mf&+GDN?;rP5>ZAHJn^_ijD=T=g2)xVU!r8CG+88rxKb( z{Tlk@lo{0OkC}kR6E=?K`eRTrNuYzFS*wK`LQz-l=*4_hy~_y54ow(_h-bECI*2`&RbG^#V(GqvNt~WBBZ5wjEB#gE=+Rljo&zRuOl^`sI@sC8!kDZ?h)+6 zsD%a*FKL8>PJ~yTLo3&t@^D!DL2P86| zc3JY$dqm}Kf{*_e2Gwmm2W8(%(Y8QlOjaHHoFnmUqu5JXpl~4(Av3%Y!TTKn6BK8F z8!p9Nb0D^q&Ox|0qa||>$hw~JNb=%=kp33~{A<@8GP<)LhY*8I#P5d!{Bpf?&EV`w zS}b8V3e*mmI-?IXh;7$NJWq8tB$tVHpQ8!=D!#XD+s~wse!(~~=4u(QS_4PImpf=i zrS0=mjJmlnGcha&H-RiI1#MJ@lI%1|somnqK=i;Wzb$HibCx^R%CmI1@!hp(H*>FJnGTW6osY;UJYcLhbNS{-ANo5v#*(qCcK#q0tM z{Ub9VYa}aJYl@+D=WGWE59iMXroDcLpUL+x>0QCB7Cv> zIPeocZR{FFCk7ywh#UHK*bO2YQyYU=LHF>q)Tj^o_0&hY^tUvqnB6!3;0=fw|9KFp z1wDW%=p6@OqYa-`wYMo|>|1$DKI}%=&}MIv=uX`qd;#(~;BN2Vzp7KZO9EZw1=4Y( z2qCn1tpiJLwzFy49zd5wxvU!n<_Ht-lG3;@i8bm+2~LysozNoml2wQTz=2sgC3+=4 z5Fj>r{~&b>tRhL8BOA-;K10;*lPst-ISHw@2^~Dm+N%*rxumO`u_+n|A~>G1uUo)a zAM;5)#E4FHCpSdrRJ?Hs zv=v<)1W67+$jRPtS&WjoWc;M62oP~JBG~pmN6&oTa@8E-4FF#^o$amNg%E8~S2!GK zPAwEC)-WTc+6p#RI6MODY?aHW2J>AucT*2zE8!$wW?X?COTGDH7iR}Ra_C=0EC+8s zbPPE`xv>!5VtgDSt9ZHXYQFjC#isq4-Mh__xfw=d>n%4Wo!E~FU3%|YoVNk$`7F}p zAO34jw*&j)q;S9lgmO|6yOkzZyWJdRQhwoQ+1+z24sNNSP?&D!%}Tfs&BFc^IcE90 z7gt#0UL{9VqD6czSD>mbK3`Y*XOEa90%kD%n=4}`UoklJpJqVxzM8FegQZ|yVUCcy zo+VwArmwg_qT;V4!bAm!xsthKuAcQqr<5_VDOwjjfIt%;BM>#DPH@*9sUA!h z5U05SOo)?W!D%CAXRg&2&Rt6?G(IR{m?x}lOHQ!KX5Jk(QF-p>Pnjt*MmCS@Hu%4J43lw!~4+$e*S!{f1nP7@UY4W4jJS|7)_(C~)3#{S; z8M%N}d4?HL+Dfy9ro4-3^U3Dq`5Y=m3R|I=q@JkY8a#V8mVd}m=FX!(BtwLsWpy9i zX)D1=nQsXAr>}NF)k8;H96eGSpsUn?jZzlx7Q&iY+)MffJ!hN&Mtyk1`Js)`CB+NP zp!K$)6c?oq;3QGTy4afF}RBRB|I_t%{ z+7ho1Z1C4*B|^f~FNK7AYXu`zLJyx?@=KYWt?wK}a9UE)qm!*^Ft4>JtFpenCsRPlp~-GOOBR5aLc3&x5HSo_J#BcER(u6};74q=CGk z;^>N8xN?DtmxY^_3CXZtB44Ooj3iW z`w(3DgkgG(>U0=}H$Ot9=D~$~i)m9EFiyaT4&=h#%T%5toTbIk)W3YKd!;NhSCx zNZTL(5utyF*CR69P5M|}UJ}X5VpX%*^9fvsDkU@Zv&5CKPZTm_jAuu1_|&=3lH&Pj zaRlzb3LQrjzguUtq*k4o28-|)U@;6&IhKU6o#J9Dq)PwP+kih#jMOQQd%EbXdhg>= zEyh@CDmluQTS!M(6xagPHtDZ8C!cfiz~<+rbT-eP-Z;defvn(^d6 z9&^3AwCBJ6tFJO#oHn}^va++zoUW|a8YoIXqPVsYa-J+7Y%wTJ6Ko-vkb}Wa5lQ($ z8^7!WZM&v4{$Pv7Axv?Q7bn#l9*&d56fP$+yz@o+$vXItwmXW z0hZvzQ3@=~IoI7+rAAU8mB~*OHfpRpqXOYUe4`^jAe;qhq>YMmAM2zV8QPG>e1hL- zyfX-wyT+5(PvcbocAoocC)5;SXtv59XL_~*q7JGWiZBUgI2W06ER~GmBxG4z zncxYG0@gNJ+payG7U3(W+MzS)g5(!f2NX+!y@s8?8=PneAlsnZJr!qS>I_CxiD3R+ zY$fg$pBDUZj)w?FJnCpU`*}WYK~Y@lygz`18*v3%i>NBrj-CB0{z8ddCh9Hj*l_t5 zy->I-{V($xux{=Oaxl!y#+2)fHk8!)p``>Ax9EGqrKHhDW7gf>*M#zwa#4YkwLOKd zNmRt#IqOiTK+W^}UzPPoCQ)4YZ5;vyT(H6NeUtHhg3 zA#9?NN*7OeKDLY!jI=1gVJmzl@w-vBBVc&+Suv7AmvtNkDo~}I=@hF{!GaWF zJg$Bd)l!gom8DEJ_DdK|98_$*A*CgyhnY)HJ|e_N^2^&RMrb@`&0zWy1p0771Cj7X z;S0Al28xIMa4+~554Dw@*xfMPLSBfLt>zFQIb2V$4*j|;nGY~F=PT6td0G-dvxc@7 zcWiJz)}>eVg)|!KTrcrcOUxZDK?+|(=DJxcGaHA2J6S8DE-9;S^W$dXlB<{2LM2-( z%}`Z3uDtAR2!QYRT;1nYuR9v=+kxxTH&DLHdsaSR3iU6xW5lVk^o|RJR}jpIEqN(6 z)9WX7MRKtTRagpH$v)p&|4wVTlU|(@r#h^^%(UXRag+OS8|9D0ls})6;;cq5y4ji4 zDQ;Tl2#e~Msj0ImkSUoraAE0I+abB<_#g>p7wWu@%1XpJ=+9W8mO~JfSoMPa5h9fV zgMrvE$)DoK2_&I_Y>GRRTanX3`|QaIfjY7C9W$1LT1qD0*CnHJ=JQs^0=o2IL>7{U zEmUJO)!yMroR)E%owe~q$V1BBV~^I-FR0-(lE#<)-frijy0m%q-Y70C?mlq8#cJQL zi}C~g>Zg;Cmb!j$2kH`X7G#hBM=&}yf$1bcZrpK31An!4vxA+ty|K!cyu(t_F`8zq z#JHKddNN0H!bl--L#~n`_U~5e8(NK%4}y<*FAi9cMvaPt9ih!ZKYeUY7rxsR8i#q> z93C>d))!1a_B^T}jm6Rz+&*J+CzM{H;y)i7_FQS0zVToCp6wCNn<1WjTQJn)WUkhh zBqSf!?;~f03^Y&Sjn4D3_QkvEkcW6(uSATz6PejVq*ym1R&ufF8a zU388aK92sR=OnPDr$U(gkSHNK;(*Vm1GV&n#Rci4Bsj#; zbWE%=RO@X?CGJq{{t_nLB9Zhx;cIK*b;_@h7>6R#+c0!ve1`}0w)c5*g=yK;^&Lq@ zs~k&~^b%m3dnoTHy(A)A1rONIEA)5<;Sc5)JCotjAKuN)d3jXP4DX;# zYpIEMBj0yyavF|HqSbK{=OjZ)=G)_XolPML3uq2YH6lc@D0^!PpB`QdLBB6Gi=E?{ z?#WZXzSW74-#Hjh$Y+YA$5Y~pjz4|6F&k@%4m#>ZUH;_@ut2Ly$NA07afo23L~yEC zu%1R(?DtaJlZqO*AOf}l5PD_B1lpyLfO|;=<)qZX+v9m~CQLv?SRunG#96gBXK}^0 zTLtCG;Apk2fQf{8Z#yEP1*O$eF{LQ9kMMwpd|)neY#6f-x24EnU5{`<)fj@rd|+Hf zDIYG2dM>{B16dlZv)Y4`fwM1HnX(8KS-z`v#CuNQndxky-p2x@vwXxkKw#mx!Q)EyeG}Vs5d7VFD&yG0%`!lvVW!;>M zKus}WSMO^}=G}ctqo}36>pVvF0LDRQTg#|$aZAO7KRsK+@d(lO((fd#HX)X<{6aFC zhWOv#QoCI-d@t1N+FGHdfz51L$1?fyg<|sxyw+MVB@a#}_nFp;_N*L1(I$>Dony5o9vDz^(9sYi07-9SA;&~y@pS!NCImE>x3sF_=Q^5$C z<{ZdeAR8504yfOfamN~g$>kDfiAalHfYm@u5}VAW(X37{1=dZXmm~v$mbkMi>L_?I z!R!8`fZTD{vw_LwSSXcA7HPS`EF)ir7&d(J^1~^{2X~{mIs2l};>J_G(+njk1#wa_ zX&Xe0vWp)RxKc@$R7C)umg3*L^w9p4V-RUq_gZ;;Uinr2W1Ki>FJ8kfbVAQHMV_l} zt}`;A;lU#r{^ECtdnc*Wmx|_81vqU^HByzc*KvC+*m`ue*{9uEr)GMiTcCSgz3Z0V zK}3083*Dh%N_(nk9%ScM>wEIaZ`S2R^o!2B1CM$7o+H^)sinFHwJe-L?(px+&mczJZ zeYQeGe@hWha`*hKf}MYc(|yNPbpnU1mcE;0QF}Vo*(vRPq#tH`SNlRln%*=F;?*wT_JOo@xu3 zOOA))3HR22mjs&@s-`@PwHzA{0V$>mgF(uD7fjUmW7C<~?2UJeI^_e{#db3%Lk=2S(eB{ z$wJ*}Cq-Jrc~a_{za^*9M|08g>UT6szG)GX&7nqtq}LgGGH6qU6ZPL# zkA_S7x()L!4?}a^L4^Bo67|Fv>2(O#M27$r3IBT#ccjs(_2Jen5fKMiDsN z6;hXcs-%_*DOxX8JOTzQyX>StI^Ek|>eP2A*PwAZ`%0H^BN)SZ_LcI)bMnlQ6pyfI zzKoP68&n)3jHIumIY%*G3=n?bK)W-=fA$E2*A)Nw^)2rH<>6{z#NItf(Cq6E$zu(H zCNB>iG*^R#m+tFg z^E=4U?+&;O4N;0#9y{qCYoLU#?)LXuw_~@Qd{snoE)kp~4xAP#KFlbZO3kk8@1N&4HT`Rj^4JLI77v%S-#y+pi*|V%UpY(W1bwHt~E-L})i9KOW z&?@&Y#*q|YYlDwA8Dz7@W~AN6HX6bQFum3?R2WUJnem8<|0~(sxLS1>0j(G7-GAuw zx!A*v>E>u8oio6KYwnbF+*-9i%?Z+RdrN#=Ob<)!Cof;X`hZ=eS}d{1D~|dFFY%Zy zo4tE&03u1tJo~^(PLmwbpD_i@`@;3imjl_QUV(U`F6r$b-!5NXarn>c2a5T{R?4Al zhz{AL`iVa^v1s=PEAUK1o+K7nP$a7$0rds0BBB@-Bw7X-z#UZrrVJT+6|(7TVFrBa z7R3HQBj^uOke}4BULuFol{O8|%RZ(a5nol1MpMNw5`pcbzW0O1%R6|@S*RS0kqp=6 zE%A37i||}qCB%DoP4|?@C3T08Jmjx@mkg%vktoX&em3+v-a+Ot7hPFLDRCjq342v^J)@EFfNC)IYl7oU6l}XF&z&qyoxupqU&`Sq=GV z0IG^Y=R>cAc1w7oJ)f-nx==}+?$yc)_r&vSU&{HAOT|LXDbvK|8O{;>2IiD}7zR0* zR$ja39hI|fUvw_ix003LBWwgu%$5=u-RV^xz-%-L2@u;q+*6LC?=BoPowSiCNJjU% zX`wy#4mDR<2${hV_wOxH>e_}j4A*mFzERB!`!bkYjA(y4q)eWRsWLw1n)>`%z%u&*mUu#}-xM>y<5+>e2k+=Ndv?=lm4ittG|8;0uP z7DFS_jL5n9sEc5GvdZzW0DdmkQmk-MhheORz@$yl1ign6vY7lOi+P0x6{K5C zh4yZw?5oNZDQtyl@5)cvFmC;?!LDpguyYrZJ!^T$5*Or8PD=q-x)hwtAdp*+KYHJ| zyUa{Y7`OiTc{RM+hOg>AdKUZ0XY>~**(E0>bG|qcT9Tk8c-kXc05m*0`BG1U7~nge z$yX9I_*60F;v%DCquTGJc=OA4=O{3uuFU3h3h#^CvH+Fi1pyU=ZX2SM*+;aKea9*A z=U%!s&LR!E_pke|KBgvs%>;DoRbr%F?$0i`ay@WvbE1Lx1(3-(XHw)k6Oaqqu3>I% zv6%%1_$;m?YM%6NNRRE@M$_mL*SfcE7)WDLMf8xfV=T|ZA8NiBH7KeR=Q#;)FEWt{ zgv&4hdjfSJZ_CyW9sc#xs&mOC!DPUX5wA3IT6-r4C#`nfGS1`@S$vXY-GE&W;Bn^i zbp}$|3uzzBK+n8|D8Of0ww6(KIkWwZk9$u=&BzN~5BYi~G>*(ADPjw`Ny_I5K<6w_&A zPq2um)w{MfU<)8b7i&=-ry%+0Oh)pc4Q<0WnxhY|ZuXV)%1_JGNZIOWI)~bj8;{f{ zGwCu>S|y8zvRi;uT5Dgqs}?7c=*X_(=-R#lF3%eZh6^ksmf(5j4sy!S6Fy~i2Wo9@ z0j9r(JG{rKOr$+Uer+OABV$3ZO~}hou(*fC#tIqEssmY~DWDS-Ry-Y3B_ZitNd3F^ z9zG%e;e8EO?DsenDXA%EgG2X6fa*h_zdjaYd~)j=(dwD&dokWys_H;S?|OxHor1S> zMs-_d3-qb}JCTaLqGss)4@@w%g&Oa*h@sISD*BgC#yBeJ_;5)*r=PGjb>uZF)kEIk z*$-KoyiI2uoN|37e}?F(F@P~Z#=nBvGoWGw{$pzVd?o0xe!91EGj3Fti^B&U08IO# zDs+KE9f7k2pKoy29Ggo(CeYscvQ~2}c@)8!Arev7cGr5WcrGF(ed)iVkhHIU;bW}R z6BijvXD)Gf?46=mXj$9&epTx{)`_a}Bk!}^0G~^M_*@>RrqWUbqO*7H4%eBG58DJw z*NP8HFL$dB%zWLN6zkg=A)Ix$y@Sx+i5JexzsU9%&%{B@~DN_Hc}W?Vh($5mybjQJ+0kB-t7qDFW^ycwKWz&g^{MZ&O9 zSFnQ!6O{A8O9s$EbErWfRN;sRx_Ay|vRw?qJ% zl=LRm%mr!GX@fBI{H}c*!gY?2l#BE}qc1y5FiV^Q82-^UfVNzob5yZ?)53te82JO4 zVxz$mwqweVDq>-*6pvjhToQLD+lT&y-SRZ^K(&jcnxTf_#zIh#u-40p=CT z;Zc`Qu^;8Syxke^4T0-Nwu7s}DX|X(bC-}CY}B--Sz$;m14~U?>tYtRFO>rN1j`}Q zl6@nz>AMNEhXBt#LBziLO1%hgeD+zg${@G#T&Q6JMs8e4i|KOmSnWltN;_C8%)`hrdA$|x8*G=53dgDNbTrx^_@A#Z* zpeOIqwGr8|8^lU_NZ};a_N{t420kN5xxbLg8>FRWv!sA7{}^>2&`!k~+TxMxg^RFh zF|43r#+a0rN+Jin<;3oDd)YWj@Tt5HvUqSuYxS%IAg(2SlNV(8qM5H1Yeu?7&+^^} zONeIZtMq12Y?M&072+w(tfZt{WVuRcXg?*jq{pEw{j4>+I1WjK9~f}!5HdWd)8J45 z_Jv7?&E{_Fp0EX7jX=dW*914xPt({KWXMR9MCeehITpRyN3J%}=8N!WM$uHSrZp|e z(DWDn7*paa8C;JMa+8FeXg}7w$1wi#y*u*3l4HVV)a%`c^Op6`6&|(1V9hF6fymT| z#&LD67zi-M#V$W}Vp*J6GU`WCc0x$cRePeGPMoIgzyIRn<63+|?e~s6&n-8=q2;<# zLXKBbA`-0qH0DT1V-Ik7)<900iW#t34-cDyS zZw!%DAB4FL(|PFMQ-~aWPA4r+KV^bhMe82wRv`2=;$obPLH9EKlZkQNit2j@I%U^J zoaTJ43*X{+&9Ws`%+YxLp36nazUE*yRGYJMHV+|axtVDgP8;a0Fu4*YR^irCB-%&T zpVvALl3GGJ>v6-ka|sw17lUUvwma*eVxWV*owznCEf>8|;{yTw{}O* z;Z=iFHe9=pfL+VU2UTi>A3Qirfl^9SPJsNp&RS0uYqux&b zsgO2tOvqf%TA;q{s$*>pa_vV1P^Hr$opwf3x8|W83`39pV)0s6dDMwC>+DxZ;dqEE z;aW)@b0*W7$XSTOXkv|oLx9cq1=`AFz{R}`OMlKpX%ZE*wfUe+pWcbGiliua$$AfF zeDPXPpi2d5u~(xw*c8B5S;8JwOTG1YtSP7F+>xjB!_ig+agOlek@IxAj5L_y2M6)M z6PL#6rIg*?G2oiq9`6(mmA|nV>Z;zl1Qbd!^!G`45qkqjbIY9s0KIAcif4C5ntj$n z)8(|H`34ePYk##Xm35%CRZ{JDX*2f`if% zkGV|I=nivggZ1ACLeXTqv2l=Lwb}jVuuP~rI;zw|)5Ecse0$kq@pCSWk$@6|V<1}t zZj$(&qj@g!5Pe>2avjTm(}bYX+9sR&gd##^hY+nXXCw8>yX+Bdw#VF0Jp82xrzY?aTZV=f@Vt0z zEcZ0L1k-LX09))(rWEH_j|!6@TW6s~NYvkVss|P|j@NQ*cwyTY^2Wr!mDe2CIi2qa z(`QxoQZOpoSx0*}+j|P+`=2mWdX(K9{aXC#VJc~3L7*bY12Vd%M##KYV$zrEKfJ@5 z4iFxK*p$|s1%{KckCaOfyoG2e{D|0549vX>aB_zEFNBWL1n40?D8!3b`Q<_U3%}dS zJ76HNGDs+Wl87slQEv<~SrD&y?DK6040w`oevQ;#@Igfi)rEe{I6xaA5dcvzy`nrR zMPcqNQ5#gqex@R#A`aj-&_Ik_p?$Xq^Dr|db}DyPzxv54*waWI(2WlA!YX}PfuU8i zu>@GGaCgg_jZiedOsBo1LTod%v2*RIL>HE~m-4STX7DFbn4Ly_dC0V<;6ZNM{KA%z z*mi9o0;S?x5y19gMRXg5wzpZh;Vqn zd3WysT6qh_3~U&eEb5aOoRbdPl8KuHVGO>Iz(JT`0tdjqpwmvhcu_d9h`?q~?1VQW zVFwG=;%g%f-m1U2Zq^UDsh^TdHWB9D)V}JKy_Ek-4p%`GI%JPbqIlI$HSY!R1;>7e zAyI_v@}z}@XN4VIfob2@sKzc`DD7tz_FmS=tf??@I1l9060|3AKqKJ5ezD~;a0)$*FZ&D=u#8mTL!}6%nhH1cFkY zrxFhipeSow8!(aZ?vqF4)j>!MJ`e;p5ivPN*~0ptTldhUOlPkZyU&T?1 zK~#GYMX&{FNl<1K&6znjT@H1?ah}p45UAM)WT1Q-P4+U|ec$(dblN&>`MWx7vn;rW zUFInjYOm$@$(yj(PX^YP)fLr#KXcB^SOg*zvM!{0!@21gO*p8ac`fJ^{A5;`1BLO# zWH3i1+3F6=LToeA2^J8~IjQEz2PH1X4K`a*V1RzmBm*i0R4XU zVdmuJ!k9#pc?yT@T8#Jmx5Al;Cz9W$aM$x~z)@2{r<9+%9MQC%H9q^v2aX zU&h@mG32LgD78K?_W;Rct8q0gvARV(vMBy<>~2J13by)DYAD4CQonoGY%GhiZ;r@a z=AmaHRinx&$NWx^V)grPibQ+Sq(gwOsxZN@&0DLC6Tn(oDpt{!Z zJYaf<(62yoMC0)!7b+Qkt_|J>izkcS9WA`KDR}M@fn!)I)3@ouR8TlpIGyp3C<@I+ z)%$VO0C_=~wWuWXUfguSWjVTUwaQSnQN*{pe{Y*^ua!JSESWE)7k;;|iwrs1;M`e*J@!4)_MJ z;c|8j3aWbB4pe_J@7}yHPhPD3Ao_K6r@=eKdE{oKjl8%(d6E^_0qmql!O8+qFpbX_ z=C2f(NTezSmUJT8h6R1DSrw(|Fc!B0y~XoeZU|WOb5NOWb(5{NUz5fT>XIGg%WREK zR7{8`Q5tOM*o^B57UPP#R#KwJpUl^Yl`*0jL7}q_LM7dX;L_1smTHDx+?8Cka1zw_^3TIs z9W>WIqHtJu2zeOBJ3Z)_UKJ^AJ-4hoQ)BHQ$~S(vLkB$UOcPVgbpC)HFZVvh>uvNN zy3xsU7U1Oh$S_W4TJ3r0JBpZ#>Y>S7U;(9IJ2`I}B$VP<+w|Y^fI3J<<5N$6Slv;Spi2D5HV3=i!_IjrQAM_iktc;AjF+r;c zy_^hj{~0n9-%!mLP<6W$?u<7v($fKFIDfH$>m~xTL7YJB?`mVK3W6LPIHx2x4vBhP zLS;`eo;d7)C*=B7gO^B2%U{rCq{$hM3`dUgR&HTj$>zC7Hqmhr(C6m%F;uwa5_*g@ zOyiJe_%`~ko51pEv6f^lu$FD8wT+A7RbAO3^~dP>>&#kRpeq&ED0{hwz%$;(Vdt3e zz-I?x6Q>Zto6=ss+_~(#t5oeRj>ks9{%Hgp1mO@ein`=!8+CNw6TOgeH@k@v4w0qYX@kC7YDS>Pp9@ieWSlHHH_<1~xPLU}7 zm{dsN33asnX1W-kCt~?Srv2U=id6M;uawxSooM8UCbn*mP?~|dGG|V-WEnWIV9KU5 z+vZxw;ak!RM|mkPLsgR$y>Lh`y(ombM`S!HNZbC9$DMj zvkOH#G>%O!tE|_M#N4S~4DxPW%HEAF=R$LXl&-P`ahev7DT}iH?s^4i6sSPh`_WGT z16x0?06Uxj(G*D-T}~vgEAHTwgqF%JUV%Kt4G;an_!uGMZFL!F`#ko`^Mw`rQM}4; z8C1=;HHneELI_38UDYvqlyV&~A68Nswy(0;U5)qqoWRV;Ex|G1u!KlZddNb>g**Ih ze7-9QKH1h~!eeZOXxt(9GrYm3zx8n;sbocJTF73sYR||(>_D2^j@w$}@rjM*%XbU= z`%bUnC$tVv5Or77OiCAgrXvc7x3sgqa7%|!cl25fii5N01k^Hfv+m;@AK{WGoRtHd~392<=uyO=ANveBE{P((q|YYxIpY4^RG>x z-1@@gXh&4o!0*523@U0-q^a9~6?W9!Te(D+6zFZEZ{rz~A;%u((rL~T$@40w7=zm2 z_$DwyOrA?|D&Xo8|L{X%11oyE|2Oj34J{c!qXrM)1iq$f$q)(q?~ zUi1+f3_ZayyqosljW9PNpWTO5MH7FT%B!4F{QPz#{JDL0_rp)?o5wYB3Tv4th`~~X zmPn8oG*R@vl(jWo#b7QJu?)fiu^my+8>(99dWy?D_q$yFw%ji^p(yk~--?O#=2^cg zq>vsX$05@*j}r@&v!Pzjj_GV${hAl6G&|-zjx~xq4H6n!gJWXpV<}L0BJQxKhce?# z(xIVXX_=~Im4Vh(tW>}nw)5ous>l3C6iXi{ZD)PV$r*)2;q{JatqY~lO!P&ShMTn@ znk-CxY?nV3#BYCPVMFO6ID2zF|E{oA7_(@(<1S99xUeJd99P%j%ZyQmJrGb$s;1&b zyc#9N3)OCADt%%Il|t7NW7Gq+4ixs9ui*0LPD3U7Ru}9vHD24IeIqX+&3K0-Tnq0VRdX1fETMwfT6D=sN2NWL3wGP2Ie)2rk-5np5sL5wR8pa+ zr&pl)4JI*hrIs)wy8C~MP7O&+Xgm7g!5xXjN>Y7X8HOWo|27*gp(iPh509Zh$zZ}l0mRt&>guLdq ziXMg9u3d6ChqJ=3f2E)n3oV8LoJlFa)6UB!%OFRIgIPg|O$Fk8h!V(uRrpE86_ZIo zzP(&fvCYJxY84J6=?N)s2)lH5Bw5(71Rk}l-ZC1yBD@=`_Wt-PI;U^PPpwwWhNf`o z(|c%qr#q{kQ0#e+*T9G2x3^Plb{l^^L!UVLk89MtbqsuI0^>`1=!AEQ)Ogb9yFY0F zqk4j-zTwxg@0bbyTU56`^wgNz;te11!B4GHmHpd|aBI3kTACyIK#NNJ+nZdG7O4jSi zh%Xn(q9!WLa}s_zSnvNB;h*rLeCYCejMJB$%@)tMAn)#%5H8rCxuZ~?IFzf9lvCg6 z?3qg88c(eP+Hw%t-|a$%50ov&WlEdw^~n9-g*ya*glnqb@{Y-kv0MJkDx^|?ctx`j zKoX69Xf_|Whd+p9(cTa3n4h2$*^|-#=+*JiL@Z`UQ)?=8`)_z>E~XuoLf~#FW49!) znS@#j`(X@)ehMJI(}A!Ged(>aS+r z<2w$!AW^Fc>i*7;Xo2uEa|dQyS^*K1dB+bj(hZb%$dAcq`oZjtVUkdptD=@Q*1lw0?k`^m8B)4VZ>t&ZaN| zL-9*78Q3Bnfto|_hD^r*)au656GA5+@;S6+PPL&Zi_C#!ZDHG~unk&izG}4Yab`4? zL`K#cQ6S!OsH>LFr^c_@AZ=0LAY&~v5aEb8;CCb}O>Tp598sh{vD~P~3-M%K>X7=^ z0YBuwZn#@^>TP{aH4@k%20mrN1R}+#%t7zKyq+$#SJ97(8gfb4Tx0E_#IevJL@;o^ zBatA;1Ty}AbFPF6Te)Qxt^fq9Lb+DD(QsDh9m{8~L(7Y9nLF4moaKo5d9J|(B!n7{ zzS1W-`sn-bbI^yxpC??JZ+B?6Y34r8L!IXXkrPZQhYH2@@ne$2a~j!*33l+2n0AvX zS1z9%`#i0=4N5ey0IIy&IHJ?7J-A18@kOJYsoidc_v*$QD;lSa+q7q5gg#OtzUYK{ zJcoAqD%CRtc#SJ*%D%EI3ZpRkqsg$+GU+o^(QB;FRFA_y8>Ce=NlnXNsus+!WIyrs zFz)aMA%31W^$ePf$ecU5opBzG(efv1DHVaj?O;S{hUim4&qBPw1)P`K>sjdF9SMW(^<zwy?<^|cD5uJ&t3N`1h>$B{FW^FX$3d?bzmnmF7=om(_pPYJ2fs*U%rBE+!Q z4qz+_(~;7VdWfcDkeT_ZFB_WR(#9k~rAQcBIAWJo#Jf>YDsX)5Y$uD%D4D$BIN(`B zmJaw-j0wnka~i3UU;gStwl$B+lJX6H`T?Q7TZ5s02juUaUj^$J>wq5Q?YyPs+2Go= zZ^BBZ*q;&uo_WDzPeLdh`jDiZjOh^<3?n0^a!PGJZ6p{RxW0MVznPTx%`H>|JAU$e zJG+|zbr@?{@5om2eah`1Pd9<)b+S~l z8wna$B1ZFU;CGSCuaTEkpgwlxgf_jH0w&P|!1jAl6zC@w{Z!3Kg8*jfCHGCXQ3J~~l=NVCpmBHM+0 z1Bjv`>gZJpLb`=cGsMpznKhLc3r$wDA}8V|-QzJ<+s8ad>ScG5y)S@(l)5e-ro!GRm$fY&fgFm;kh{Ym3!h~60lRAVtUZ81o&sV zd~8-EiX5Ujtv(Zq8wTPyO+9hjk|e9~duN$U=x1c>6E#MwPO?78IUCj?zb_fEntmu;Z+W%wVdDEa*T~rOQzp?2d!}@_LIupVm31 zB8V4miy1B(d~!svLRJ-`!2K_zS)D%<=9Lp1+1h6C9`k8bQ}gT59~6rJWfy%j_cIXEE~x`f> zNCIBYf4uZ%rox0Hc0JBj_Rk=fRn9s3*4BIg8;s2#yx(-Dph*o9 zpTN0S6B4Y_Z+7nWzSn1Q&Nl47!P6k1=<96SD?k8*)AYZWd%v}F#T_x3xRVmQ)Zx0Z zglQZFwKPDk7LzzNXuy1NQ&!b!0@TzN^{X?ZAs6=hfDWu~V@HNP{| zna*fTx}9m6`;N<~p?wo1szQ)BOmJjNBpm$~c+4J-wf4_%Kr&%=?g~#_S*Psey_A)^ z&cNotb8*5NZ#F~pL$3DYb7HWvFj?<>f1Y();uWFL+(K%mQ%;d)dzh|68o<$%yKEq8827@T! zdBkcsK%Jr3|8eE25R(rtcibz(x&rvQONV?NQe77TK7KJc+Ocqu;GePY`fwGdxDeMt z${=odWrZi&gxH>RtbJ4uZdGR|?mJCq^&5Eq+!Vu*bv$gF(%CaLX(gh^@&Lru;^%BBJ&~={@YFqx-5SOuk+j1 zOZ|B~ykgrW^KW^}`{ zrc9$i=YCtgG11KT_xLlc)XA2P0G)rIC?i=B8qkAtF-5eA@(m4lh`5^+N+`kHK*Z6R zx^S6tcJ)2`IIR2vEZL|-cjJbZ&Kte6BTo>m@eiUa4?f^COas~36Jw-hVX(&V;G`OF zs!ibTjLN*tM|>^P%?Yl{|ISZuXzo*Bh3EKzC01l=1U<~PEX^8`%+|cPv&n@*Olz@n zvxG6k_SAkC-JFll?_&ewt8;8_a!=9jkJd1<&4ju->uA3t(7WIr^NBz-Ynejj>|}Z8 z>4Qd=m&+K(hB@L7SeflfUJ4Q_;cuBlsOU z_rtw4wa34|fviHCJ952=(9P0}`?g|#a{8%RBIXt8E}ydKtH%q4G#8I>%D+Vcv?U@< zV;As3rD{h1yz6E)>kMTwr~%utbCr%{;Nv_c5;sb_zPP9sNVcQ%)CMs5g;QiKGY@Wz zFb|dEF4~I1)n1eQibRcJ&HH zurdVkW8LSGYk}~`xZ+uFxZ5c6M!WSMb>e%y@R8q_a!}`sWJ-?L&A{#!I%h(>O-Ju$ zrc3j*=vD*;B!#&4^j$nRN!948ujw=US+X$S-^0j#o%*&veOe+L62$r#khlN)tX)25n_CEFF>`o`C#4&74OD zH6#)a$Tm?bCQ{42c@C3~sI|%aa%Rw&?R-2tCCuH(FJPFT8&ncbKl8+DuNstS7}pk$ zC?pM~XlKjX&R-ECgFQrTt->#-bYbL0g>uQQ(DS3;ns-k+adkd5jBBId{_FWDY;d2u zyMV(F-{6J)k;2zsoJ!4JG8fh!$A}w^!RNV&Z>G{-L%Md1d z;kzcPnzgO!K|}2F+4L-XCN|b9;36r9qKvkQp1@UrGT=tKu@MivnAp zH~I9d0J&FPB*ZtSZIFJc57S3eo)lK zacuk|f9GluaP%*d9pQ(|jB4)N4u?=mc6pa`_#7v7)Wm;jd_5R?@t*QdNV3q|0#MnuzLJ_iVTRr0ul_B`@?9zNLd70r_OaaZvn#Ymrm||lkJPu@5>14Z5&HUTb?Z} z+4i!ZVgF*c16BdQ57v?Z*KO^sqc4w5XPlV)=Zq3To*L0T_7rG8dqsUEH9FuRd2xw} zeQam7Py28ki^fLqDLK4Bm1hjZS|GHYw2P#!#j<5zA{KCoh%}j6VVeK=FIL(S>_%HxFnn7^nCtGw+wdp^T=rbT6zAHMgBq$!H377iih zkj2fcZvi%W3~w&G{nc4`0%bVF@mU0$5R`;yqnO^i-)F%-cVw;Un(>RmpOJ>VII5|A zqT+LA8=%*@e^AO~HY~m5Rx*O8xARCoTMk+W^)(mB*_X;zL<`-3Gs?m$o+39uA2PYg zN@uX6$s~@lz`qNH`j+>{?b${}+VCHQApkr^m>NQ0Zx=Zn8x?mSw2gV6nWh_O`Zt7r z$}~g+5Da;xE$`PZJL5+V?b^GuyEM9_{hoo<2znxly(3oqo{}Rd!b1IBmCKNU@jKD z64?yBet_V=)68bErTdtFBnmG)85AAOw?c-Y_&5~3I8NGP9hEd#PYIv7M8m8Kae14Q z{nftYxykz=qH!$)4i>t)jxlvSi0-BC851W3;|}N-+OIy}YH@2jh@#QK69in~LN<~N z5>}Z3Kgx)djk%0P?czx9Mx6$milr6-?7R=0$SZQ+XU(}6oGU;h7}&S043)P2RHzt9 zul(nt5z&#S^^J|xPCmBh6d_7x)|J{SbV>CSB*%`HI?2}X4%k+(K!Q_)l5m|Aaw|u-0Tk(f~I@}0i0Y+#{i?mA#}CC+{cJJ`cpaGF+-+Z+p)DEJmu%sE7V%2 zB^^iXVW9G8l%+fUHSCbt&sC_(l$nX#Rf6+WoT)1u0S0-=+(yvK{oYWejGS@zvz=Vi znY3#m2onaBI%_J!RqU{TGtT8w!NZKV*9Gentog`qGRv|dGg5sO0j0EQ9(u_6iU+ruv*|=IM^oO`h@S3V8M&F zn!nmlmWh<#)<9Vq4!nzwr2TU|OD!M2e6Mu0`2ocbFUq#NbNA>Tt1jXJL={@DQ{y9- zuLhm+$)8|I3^z(-G=u2X^|e6TGI0*D?MHHU4LoHTV~t@ib(@|TD(+(4#`Tk#faMtu zzDIlV;mGYe?T{{gI{SFo*K{-|F8MOFog1O2NF<@lsmCzxyLNN1`h-xjA1)FjRmZuq zp-Km#s54SEuJU%0;;Cu!WaQU|0`e|T;`8?d0=PFZH0@no@QG-c#BY=@r~FdjNmJ=$ zd6^HfmwRRnn>8i$CPzEsT~YcgFyv9s@V+0!+QJ{-^a z5B*RSNJdZY+<8ja^V@Fj0H!UYj1HlhS_C}+>I93Mpsr1c^-!xnLqMIhT*gM2&pe3dVEg(ylA8rN<2jE z1P(?D+GjTaNdTt)){{$5L2kcv(?gVc?Q^#jsYSEcv$bM_(?t+^`_FjjlTwdAqVTXo z>0>VsN_Lm-&LWh%7p8|k#H zD0&tdU#rpqK3a`jB+nD2qP)165vc?`nY1EC499B~oYryL_ZyjtrBq2Pn@z-3Ri z5NlZPzF9jjZR9Z*k0;BI5}|`!>9`KEZ#_HodYgiVj{D3GqRT>`o`bzym!*P|y;U(bG&9s$Hj|~A z#O6Tp1`jB_QN5m9-7l>~WC&vlX{c|dZ8w8qSzhz5)~Jo8l6Dob z;R15)DM_jv^;UI&n@JTAp~Rl_u7~v1ldZnb_ABeb)YhbG)m@M=DGVo^`41Dc)$=HS zYx$Y;vYkT>|6q!`9sypoNxRN|uVd(Tn`D%v?c4&$xhJAKneF9eVQrN^Mo7Kgc(1xO zd*!vLaBS*3eC%Q|V}&aTJrW#3UMEIIz9pW*Dtm?>2L_kI@SVPCt-xY@a0ye5^T{O2 z+7mP)FT&hxN}yZ6xb0+W`O2NL{l|7;K5TWiNKl;1E=t>C%n~*t5>bq<0m9znEr+?=^YX+!>&c?BBc4xZCgBo4HtyOTJ@cYJnZ;EH}z)Kz}m?yKziWT$q;PY%G$8^?iru7{;A1Q(>&#fLZ$D#Y0K;^93!K)2D zUBIZ7-DTb8{7TNz#e08QQy^{IOR?! z?y8vC{dPK%Qj~RhmnCH527t-@T6ocR2SkHLb6UIjpG~10f^kz+1Z7h5Rc8&=g#UMG z;(dol#l<4skaxu47M*}WN4x+kl_mNcG}?}>w*)t*M){%Wb=oEnYo*B5=CJ?>uC)Pd zu_X~?-YcclL|NK-Q*S23k(4E)vs~p@)?~5@J{)QCN=Q5Y%a3moZ99ys`nDj`aW!cr zwn+7v!Sebt#&@LJ(bGD27Igd`-agP-r7}WeOcW`HxM;JhO{Dg4V10)F-y{T2&%wSV z#A}NdygxpVYqPp<^)z(TkmRG}2D?k}c;CEWY2!f7{WbO{;{l}gFjBe>7J3xpS>`?c zW!t9QgtjcO!%=6Iy1V$&uGlbcaV55KUyjuh~RBKAig zXZ{PFxdj=3;-mUo_k=E>42VRC5D|yin{@OI!;;aed->!Rf;PV-8Im_Jvx(!uDJ|AS z#*D*3V^nNy6}_G=wO-)F*c=l;5=A4mp{B8q74{k4=0Tzk)2xknlS5-nG#nXx>Xj{^ zP7xbk2YOH`JRy;h2owV682i@DtFq`1arst$c~Y@HAuLry@(H=xLWoBm6up>krT4CM zD|YhR=G-{~2Oa_*+FxU(>ykf9Stn-;RAjC?jOdD+=t%@NJ(8v_^F;CdA28R2udCkA znS8}78mORLilGG5V~J5GEXjc|u}5~DGtOde+mv64Bm@vj<^+QGx>%qxQl$OmV{0`1 zcL~`hS{`VC<43+~%NG|vRR<9WSIWLjs8%@lsi7B+(Qhrg3W#_#8@0&FF^_lxB&wJl z*@o_9W+60Z&tkgCG)WQ0{0l;93$ZgsEdhVn5bBH!*dC=%022=Fq*5FZtFo=O zyt+Nz#JinYQU1v)&_INUFMhQJhg>7BeMgqZp06zHf-6Kt9m$cXXBO~%whI0U`^Rm; z`CV>w9V4QYQs)4`cBk>bTv>DTkxiFDX8%&0IDz%!_)m6=@PFL^yM3vIuGl5vZ80oS z+ryhb>!38vnuwrEn_O`j!_w-3AgnMVX+RzqI|n z;~p~>sJ923`C*u}K<u)b9Pfc_-w^szux%G zVqCvJD+_1ewq+J{tS$eo{5vTXy_3KjVaOd6y));~evec3tO9=FjR4i1oHQa@@~&? z7u&42A~`}`>vy-{H(R6hith*bZ9s=8_7vzN=af8aJuB*I^+O~RUE^2`w@LTkjdI2kDv&Ksa2d|ibO2W~6`4)mEyA3T_zhK3E?EbHIAU61oN);1p9!3wN-`dT?>LrB)v^jUs|_;t|{6lBUyJrT%(ufD74m{MoL^3N8z^z~=GRg?w@vMf%& zWt0~)`&q;>2${Pf2Uowb-ztB)e&Hq%7ncGUSs?o+G3QiGn&7x^P2Xp)-R$x|mjLgG?1!HX zXujY3zx&PUtu(1_Eo_7q;Txp(obzIXUMMbArsznOd72Dd-yPr~s~yU4{%0cBORai{ zL+!Xz;kA>TU29*I&vTm(gUSZ9QH;&we^ocR{l*VDg|k3#L0bM#sJqKQW4;(-rSs!S zk78KsBhCfbd0p(~Z2#$n8SPyV`-+Ge{{t`p5qsEI0EXvmj;YL7cr0q{^fe(R^&Aq~ zMdF3P5J-#cDcW>?t}>;C&!1G7gn_VUw@+E7HX@X*0mqwXLctNLB-*GR5D0v>mITe- zY%%z)WDAb7VB=e37=rOx+lvv>)h97udrsH6bf-F2=vx(>EPVrL$Zn|`Lb%%VvveDS z_g<96u-)Zz=LFE8^N%U;+?on23kfyhYk@C5!#eJ+FZT}33R^~j@HR#5^bHBB#?4Nw zr1{M_Ba8<@gsb&uv7_ngoXNZZ+i{Wh}qwXKS9t6PQ=-s`WqAMiy1qA2yO z2i#5<0mvLvmXo?T8$O33OMi9H8Z!x?$;_vOpMppAf}x{>Aw=sOD6asX{RG-!6F7Ox zeyKN(&g-95p=+;|O|bTdrw6=}kz3bR4^ycoFX!%R9)TYLDE3rSgEgY&PA8E7@PFNw zEYa`}vDy;dMUbRwgJiIjU>PCByk9pDL(|$OL$O6)Px?IcV^LrM8Pb}f(Zut;HIaPf zU`@)dYOS(x+0|y%?!WdXvOyc9?fCg8-L|`vy-D%bft9_?S~IX3go7;RGP)&>4Qs9y z22p7y7D|V;N|RWZz`7~qQ<~smo!lUCh)p)6!spB^s@Td$IEnaPQi-|SJ^z#!NLzr2 zU!5|ZD9&ZW>eq{E(_D-Y{`I$kbS6tjd_4E?1oSSu%;Ln|0e31wihE!oZQ}SNOHl`0 zh@EEUHkzL@3O_bNOWi4zHdHVkz06e@azr2-EkDl9{NrA-4Bl)|z+N>=w=r&@alap@ z{ARxduw@^<+V8JX3PoCqiAldQHA{L6=OsH^nOdPQPY_Juv`}oO{I%|_^ z4)9~7UXGdOi>8U`d&?}1Rfll^|9nx03jUme_^m~EQ(2zBNlz4KzpBh49R@np9*TE{&#by52o`NU(Kl&b5u;0&N@43#REp0)aZkEQRDhyY3qvQNN3Kbk1 zI(cGgCd+?TR#2DuyGr$!n(}H+L1ET=@d$`#!o9-WxnDBNicmegeW+Hu6Hjgysn^gt z$d50ycxA+oQ4p>Jp7eh!)3`e!@!B?$FNP6se)JVR^2LU>H)F;+8})Ge)WaK;LFn($ zRuoo?rGQv<+K?Ld^QM0VaW*Y&F#o$6ia1cK!Y-Yno0v!ez8OWhKQB0HiC#tUSDF?T zxd9E*ppkt2eUipLnIEcSgaY%WeSdl*WgM|4E|wkE%3#cCZT9qU%`~}XzvF{HnX#$U zYqO*{)@+f%AqXT1)Ge(x4W2Er?W;E4f;ypCg;{P8r4+SUb}Vm~Rc=n7W{{rZdE5Tl zL9pwm1O|wnpPZV?e@xZ9#8XiFkfxc@L#FDx+w3aDs`Y1aW8y4un`-{hPgTbu%OvHxO{9ngWHsudkaCk9l-AwVGi z`%qA2|Ni%s*~X6O)pajcKe@2kL_?<@-Wo-t?9&Gc3;eSvnRv#dHYPy#L_Ma2gzo#E ze{@N>61&Yl|7r_qKmfR^n=&X%e@c?#(?p5uftSm~h-QK8&X%V9MPrlPO}{bBw=B z^N~ckeLhIqcI<@fe2E)n!k4rUGdI)*BH#*?w_Eg#T|6%XpvSwr#FU#)s9~~O3&l*1 zDB72l-b6K+k!UqdE*g5h#2ylE+{RZFO^* z?{PG>r4J<%Ha~RXmtR!x>sIsf-!M!ENwABZ43V1du^c2#)_X>ZyUe!6>a{+PM%PVr zM{ye5vH6X_v{HH)D!nd|W$Yrija_3)9u2E>1nOR|!Qn_$$|AV(!51WE9l;?Zjp<@+ z;6do33}zUl?(FZ8UZt*(Qe?)Mt#z(^k&Nq;vrd3#TqP*T(FJFQwBmAS9AjbHQQL4- z#up2PuOh>nKb|io8qX5nQ#7GBN;_IIH1Sk=?Ws-FPq`Qz2z_ARj%4wTY#TPrvNVR4(yAX z^to#5_95TW#4DAF9h!l@pHyAk+He?9UvSkJy6E|K_l|ogb4x!sjaW?BEr{RL(SRND zB{-Z%F9c|Z4tDxDA7T3LUvUnaJ))c@1wRDplr+6L-JS-s`iqm}EPFfE|@U8r zjT|Yvl0SzK)hCh(Y}c_Mv&isj>0%p#!vRwEYY{M4T#7<*q%%1Ad|mDl;X`v@b6FJ} zG6A4Ota~LY+`JRv;!(9AnTVH>HxmYX_5y3elm8=Xn^)8#4-P&_`!cV#`=dUbYi`=n zjElyK4({-mh2oiZQjFeP4o=TLSK63luXsyhFA>|?cnbm>3#h$dn6yg=^6X8EgWsn7h8sjP%6>SllOoRzT>o1v}Z`gbFfjzPK zWDouO9+{FJs}eKQ_J{Iu;Ewh~a5*AAAyi_8%}RfHmuad)r9JQu0sK(0ySdA?qH$@(ok)GA?toA*WYU zPb*__W5DkVjtVe{`AmrgpWk_xcY}+fW=A7G2wK~X4#1T|E$xiDddcLz)07m9;Y(`t zE{PxxC&ES(TYLwTk6yDf!GW-JfO0?tazreUigVe=XM5FVU_q3BzW=5R@3J2_^<|n- zJE2mL?k2znHpbiUe3w4{xOHaGI}Rf-q?|OzJ6pev3(0I=&ymWlxC1necAw*q9$nnp z8XiO$Q_(w$8m*JvcQ#Q*(02S?s{FAhmpWi9Ks^bqsvL&7o%ZlHZ*PJv{I{&}6`zQc z5dIPo&@}@vgQT7L-fSBI0!rmbAAm6TiN-sYA`{Tcys}V%ZMT&5 zdZQLOa$?%fBc(N6G3qM9e%?Ci|C>W^ejeX0fh6VKR`8$O`gTm{ijCcv2K#O>W;Njd z^~f2Mo)OX^QNX=k5Ds2U|GNg>TNcEqomD;%2JAzzl10c4XtTM1K%25jqvzQItVjGa z0PT^Cnu;oG4}J7e%6Q)24DvZsAJ=u}ZI&>~dn95a;|ODSynaW7SaF*bgIDVatReb+ zY#n&wrSypoI=xO;pKe;7lH-1&wm@mt%nR96&e>4$EdU(4P`&s_t*kG8(ya$>-52Yr zQDQCNvjORkusdsLJY`#6i@(^B$pxdMmO|Q;A@4`YI}z$G&maeMQQ>k)o0#qM3zjgt z)NnS7)%DdeTCiZYP4{fwF_#qZkP(@7sT53|o~o-+R=%=iIi~6Xb#A&Fq#fOH2NR$b zl?;gMC`NbL)CR$LZJ%ZG9Aq3K!S(N?qMvFLY zBy7&XKnU!i-pF@&u@zLEQG)5LHVI|vp&Ckn<%b_?^r}`iIA)uJitHim!j&9@NgrO1O!-{ zlRTM6+#SVFUcWop0SzrDx#0SmB+9YE*Uq4$r1e{XO`2BacbZ)tmWc>*aF4g;uCB*N zeTMeTvSGm{{;yE3)F}^J*!m)U%H-JjIqf~1WrezQq{d41j5lFKg@^p;s^@iy+^)Y* zR_Ba8Z$^`}3d^$fAw1&`TD3bouXbdvw&*K*0)9XWhagp$%Q38^!rQS)&SFX?mabOC z`=vA|5QpP}LeU=)l~jKJ8E6 z?)thC_~`V86W*&>w9cE-20m(ui(|rH^MDL(owV*5dKnB2G7>r%MI`I_%&+a*t!w;C z$s@(vj=FffB^=g$88=+@2R%953!U6>+(-aS;-Lqq5YY+4BjFfvk| zuD@r?WpQLRKi zT2kUqgi`I?OxnF^1N7|+V6S7eBG#L`$S9{>_QsVt{{sB&IAX^*Ne7A~wr~Y28o?Ul zbXJrSh79S4ZPJ7;q+eRKJHp%}ZQj;fwuPv6L%esXP>n)A7sHc#A@VWj}gT`*KA zxVo~(XyL%WVm&iC$zqCviLw!}{SiFt-{M1dcW(Oy?NfrfH7P(7_(w)!9RY3N`8*+` zdAlZLz1#$#_ zbRz1iJ4ofK@xRT1b1RnT=4iC(qU`I>sZTk)+*Eomsz6`wFZG)jYF#Jguti4(u9N~Y z@PeK8_XJ&GD6w!$c1{r?X$L;TV>`};3KVX_Y5KanDGGvi^=Pieru$R1@BMAjJuM&x z0&4|899jdYCdGY0N;aftGXZ>~F~;GfXWrloqnDRaqw%GsLlbq74*-w=8WQ2Pqio;U z^D}DZU=Dy3Sp=615kc%3u>x;i_?9x4A@29kB0hFKcPntpInora(hioO0yIbnpo(|) zFEy7%NMonlxDmemX6`O_Zlu(g^v-m5bF=$vKGP5H-8gt0L|?R1aY1!8f9gxT#Bu-s z{jUItMt5pB{H}O}`|FSHKG($b$Yp68U5SA+EQLH7UX`?GGkD%XLx8k<{x|g_H7jGM zS=Oe=72`PFK=By@iMeZ)^u_gAMQqq_pKj$ybUP|#Cp>fyI)jLfVFrGn91v5# zE2c{0@1R&;2f~NE%d@ZwT=TzqIS!A>0}LA@c_K#=#=jQ?dh&*N+ybPj&fnT@ z1uYi=BTCc-O7xh?h7AC@4bb>__O4sAiWA})>UFK+5sbibPLpsLad}F|SWdt+1@Iwi zghFwb8vB&UQiK;{*Id+YTS?ldOiGb(k9AVe-NKy@e40Zkt{0n5m~V&Y&+&9HJgGLb zC$8DX`?Nm9-u^ay{9(2VV1VW!3O_;a z-k%`5gLNG%X0}yZ7XTH#vz6!t!unL|uT~KYKl@m$U#^$CoeO0YL8n>O+sZhYtv6W91 zSQYc3LWKzxz=XuzWE9yG@&?J;ZA07sIi7Ao@-2!ezK&g(*dl05$0MWi{;^vQ-pkf| zGmMT*R;TMTH)~Re-v-?<8$l@qwrEEc8|-C2SYEdsoTO$y-QZ!Vz56IK1jV+2B+nR3 z_pc5BRKb@-M+p)%g6lyViH&?*>%)Q9yph6&u6Z;E0$Lji$f|_ok~kyN+a6+C?K~s$ z+>1s}nd2n)*QOECcxM9e?UNC$;)})aZzN9pdwg*XAorm*(Bi1u-`P2|0HJcMGwx7k zYZcf>XIS1Y1b3EN?!yrhP!0a4EtA@i5u`E63Q|u!XO#L~Geo8b$$H92*c=EfSoON5 zqcKKJJ5H~8b@GpJY7zm;5w!YQNa1E!xR}Eq^Se&dM1$<~aBOO5cBBLazWQ@w?jT&~ zS)Fg+zks@~7W#m#eWQN z1TcK1t$jv-gkUNv)Hgi-Bcw{jwL3s6(ohYgg@t9a4@<`NoY5*J9khs>1bzO;<;UsU zV>1KQ<)oaL$@Ma3CQ6unt`6R!Gag83s+ zNwJow^l4?y&qNe(fOHPTF|jPGI*M(bD_Lwu-rGEp&67Xw&b+^l-+mT$oFKg`a2v*eIW_aGz)9hJ#~PgHXhBzkTO%{QjEzRUz7qKu?E#7nNFCSGcy6 zq_lTd!~*RXLUb9o-AW$Fx}=-xP4@&_Q18dRMMB7(m?Lcs+HfRZ!Y_1uc8e6c!1WrP z{JNP~ChsQBpxA2FBtfcVi6b1=EW}|LiO2T6575*@f_tdFXIRsu*7>RebUM9p^ReYW zpb$~U1q(lGDF^#0X@wOAMbpwfaE$!a_c6;VSR-&AsXHOrBBw@hhVs{3>yp2RErBXJ zKfrbG{Dv`b88h+qc|`sRGoKL4AkSEXIK+~AQNJqz1O;E3k@8-*To~{FRXMTLm*qPn zp$YNi8V%#}DcPBX7E1`7zcDWcQKa+EuWG7S(uk|cxj`aWmf&)!K|9!z)l}$0L$c~M zu!Y~(P$2ZMjK3}6-G!%3y`7gm4j!0Z?Tvn2IsjQL*8CYvQSPzOVtQs7#EO`Dg|MLk z4)AQ*lCOiW%czHCPbSqD?bxPf5tx|m2|_Yc%l%`(o8Cw?P`~!ZI`c&$&9!ju)An4P zu<)W%5j;oLVTd}!IkDIUqn^lfz5*4N;T#cf4|q!_=xK4h7%(!s4pG|Ef!5x?q8mjw zDlbTdVQe7%>EBYQiT+xK>gIUS%p19}U#Xk!?bS7J9@Sm>?6Y=t$@aC<5eMs?!+07& zrbmJH0p;nbE#1-56YYC24s`dZZD`uIMGzENoxl2R8lIvZl}kJ2b^fa&Bdto4Y{9uU zSrHHCMVgHO{lLIALPbnFNSpRpBE^dqELQ^xVcrIq`Hok{!|Hws0H6G*_=Qi5iZMY9yRM{q~L9spM9ed`4C`ACan!65&Oly^!er2 zN6e{V&GlE{{P=Syb%etb3a9U%CtcR(R zj-etgUT~XS3Pxlj2+9Rie)nF{y4L855dDwGrSXC-s4UB`8~e)yp$^g-2(erT#dy;9 z@_zO>>!&wrjvk!D-nSdH+thB`;fK^8iVPT;$V7qr9@+MXrW+q6Q1C)0=ZTpUhU;lJ zAS)&lXpCG4?HGpXZi+=<8*2bo?xNjYFceFxj%u9m-%WNBznm*CPE5zg{V|;AeceP= zV3mF5?C4G$aFwmM^Mx5jUSPX7OQiAH{u;u&W>lIS$r-T;)roKVWZ>&nJGqu@^Em{M zwqpLVx{tk$-t(=xnn=1p)tcm^5yESm=#-e%!p@Qh%ma*`B%eyOv(?lViSw zxZztc+K?ZuD0)5^(FxOHl58II6-;7&9p^06>W*Vl0-2UGS=7U`0a|6O6{guxBy{P> z{ez4OK=4*K2oM;HEEV+%5wym5?%*9DfV19>TAf~`ZCOHo7 z#sa>fb56^ZQDVT|v@mE@+;TgSP7@r7kc%_i1+%(S{WBzfR%e0K&@9#fKj1-j-?`47 z(*Xn+4n|8m8LLYCTH z@x_DS+O=w(1r9yWNecyiMd8@Zgsc=X)3ONRi;E}eZoTHyUZJO+)0+=b!Ll_z1&b+S!_Cq?X^b7* zDGz0q0_fve3`frNE)hq%NQ%VWh8`6`*^GN0pwkDTyuH9`$L)5&^$#)EYSh{fdECs# z5sM;RukRi_in5}rrPDqt{Wlq!D#?=uNQ(9ctpK9i?6eY=+Jgi}`Ep2np|M3$s%6qQ|pJA>S3n6L(BIEweE7EW#{9 zvZgSnm)=|RXE+(oY_$HU`qJsJ`RW4lrZ1dt??~y?L#eUw`O~IFNUe}N#dPOBp+bfG zIXM6{7x4#m*V7xAhjZkkLIfuN>sNwHZgVoL60{p9FZlbhiGnNMg zbxco)CB379lwW#L4$+5wpxLmtG-o&%n1urnBuvc)Z>bb0Ps15dzi6UVMvy{Q2oNwu z{4#eT3V?M8r3)7AcGLK#L?xl0_;zrydbaXC=V-T&9|&9S{{*G6Nxkmu z5Eg|KM?#6Cp-0W6`8&x8AZ1Q~j7x7n0wCOUQ&p^)^Fu)bLAXC?PQSZgP|ao)Y10B3 z{qSivcj}-sh9Us||Hf=T|In!a;HdxLsQE;H`0tx1+O4D@0000000002Djsv{-SOZ7 z{2;UpE~=^Xf8#eMT^%dU{n)qYof#R=9t7U7@>iK> zP@2Tg*HQd?@vCT9bzNm0u&0&FBCeK_3DAE+5At}D(t<^K<2L^lN zi&Ji^I@kOF87~b9DZGVah1e!?v-!I=04`C#I`YUB`^-#4fy@OzRT#e&`lbs-bE>Yj zTmtUQz!*Aty$fRgZ+|mx@f(qRbS%BYW-=w&a#vTj$hi+@zcZs(|FGUOHE$d8Ov;9F z(Z3uNC$MuOW{8S~$3Vufnn?dxFpEp(B@N7GNfSG)hg2O8bV5+>K(o|8sCctnPSU?S zNa5;M>{0*#001KiQi3llEJBV%Y%~A~+$weBwBD^vZq1UMJT{Nl?$tG`HLJFu=OgM8 z@r-?ihgIDi1EenKwIGE|x%3DP3H#8^{0Uzxc^jFVQl17+VB;tgkNht*k)lI)3z34w zeDTBK=Aly%Bri^)*0v&9nE7pozp&38UHo_NydIOAc6po-VWizu&Z6J_h9(o(Q#QEwRt&%IeCMpJGEAzA?K0UM)8zzs>Qw|lGj~y< zP5#&grXA9rtwkgl4E37UrPK|)`+}y!j(>d4+FhMkwE(0Tr65@W;0ov zv*7t|r)WK_)85j@%Vc*N^UAXoAvzTKrC}>Mxp-|}dEZ0Fl0nd1MZ7atU<~kdM*l$w zQIEH9{&@&?zI2@$)eb64Efiw$5lF3!Ozy#fB*$83GcAXLjIse;Y-Eo6JfFAtOQbfr}6bbfB+QN4D@LE zFn@}Rr5B%(c#>3ye~&RryVZ(PB$pbRN_@(`^ObchrX8?9zJnCyVQZ~qRK(XjIhhPO zArE2=6!5Hcu}2aH5V+0&001t)^-c_ML7GH{mgLYl*?_pjUqYzTSsE%sqp?llK*`r2 z000002Y>Q!7h!SzJm=)&&f45pTD>PZLGv})7AIOsz=X;Ock#P6&MTd(aI}@$aVDj$ z=b0ZexNo#F)^`iY?`of^-e_zQ`1PkUBqqa95y!_=SB5RGUwMpEeq=d#AgVcxfhlv9BK00000 z7B!+VQszT{qPl#V(QRt4qASfRmgs5`U(xfI;cZOCOq=$YVi!KR3v?3?Tpjj0}NgjsAQBgg3h#qIO%)000000xGg^ z3gj2CYhNgZqmV5svX7oD=O*M+IW-F2L@h88VG-Lx6Nt!?G#qHV61(O|2H*ey0Ppmn zKYJ+@^YR443-3MtZa0P15#sva?@1b%wA7aW;oeBj63nNN3U;q1>w)ei7K)7GoLY*SmmT z&;ELJqyuouW$})?0XUqouh3XLC&bbS)4zi_s^LlWIPjHp634~a->wEe{NIycNi~|RlF6*s9U^YM+nl$HETaIF{irQ}c86Z&G zbA5P7q;3lae`$<(-^YS`=LQkFdqVtZ8AkLVYU&O!SskLRW0B1t4uodIR#e0zE3F=f> zahlH!>0k5!01~8AwB|N1o#wx5qAGwAs(q>xRJgg6ZI!yJM!s6-(CXFiSY80*&9EV^ zAM&DUm=X%`bo!?DyHk2v?@*W!MICi>I8$I90pY4W;)gtr&00000000fFvPy(?MX-*SOCkzj)66&s z#wf}0%s0v(Wf$QXBIu27*cR}1VFWz8!6*4Hl_do000002XlIZEI{|EU>;qI zPEEUGAWwUbXaE2JB=1>$uPyE-AIS824G9z}_n1v&E7Jt;`fh=arNw=$B#i2a3wJVB z%4-rRCZbw|yvsQNo?v!Z%WbeKUt$f)xO8*#hNX`{g-s|F8cm)98H(I(@vqe3clc$9 z%k@;Z56YXpF#V5#DzEJ!rzXA}dF`JsxmAKV56!i&RI%IE-EN%7=;)H5pg06)v%B2S zMSDmv$`h_RC>3Lhlz5K?TBoSD`g64yQYd(HMEY|4tsuuczZ`bpp^YoGN{0^VMCwaH zI;erR!EXFUeQf_AWn`!t8tBGEmglEg8^WezS-*;^f+C2%?)&oDYjnb#LkRP7P&O6M z%aI_)jQei&$6|#9Mk+v10is99Z`HeF>mhaYzbx%L+F(SX<+kTF$5fNl6IXP6OXBma z>L+siXk6_5jC?+ep9d1My}XH@Hx~1el<_v}j-f@6?5{^4!l3x*+jJd(0Y1u;6ayJ( zyzCDjs>AXT+`XrO`TM_0AV>ANU^u(?V!Sb%7QFMbn& zJ_mUi9eoH|OCSr7;X`L-4k){N>}f-Sn*9Mk{NuE1h;;yXgZGKhJuN*{YNj>n<|);F zIp%gip^>`PRK0_BQ}wHee?s77-L?JjZ;!Qz4kr2hY**sKFJH}(Uka6){}+jE>t8L~ zoO&`gmF?5ItdE%OuU}ZR?lH&vI(PB?R%1(H4 z0su5a%d9s{)t*%heoIx0?Pm_S2oLmj-er}~Tsk|Ny!d%AJsQPfAXw-%()LU5=da-E z)&yy?K8%!^@P5?AWA6^J3#As28N2O3p7XGb9yWng059O#b3~9LvQdf8uM;O0_moUL zwpHG_u)KDH!5g!2It0IK#gROe)h+Ujou~@#7_p78=-r}6003!|r~m)}000!qvH+hz zAFtKHX$WL4-*Vt9$fy#~&ymf*joI>788HVqJV`b!;#90`UPxdA|~*J+OSHK2vSn<29@0Z&K8*ikt#|oJ-Xeb@C8pU zpOT@E3_ZhvqC*xm0CD-YiltyWz!)Q^`uJqpDvK}(veC3)=#G=;S=mY^hA zGthsCIs*J}41D?M1WC8qwgU7dT8L8Y-Ym4@S6#3)*6s-l5mT0wb*8Ql^0hOT#zIby z4sP7g*_u`Mp^`@vtd3P|HLu7u;Zp1&UWj7)x*hc|9ni5m&0Q5V1EE_M3pq!Vt!`cQ zV1s5b#I|;QFH1}!=&PcY`$ixQTj|$+U_WCSZRH2HKzdn>$@BG_NEMT{u94Lvggf8g zono>^{eZ!`vG3W9#@fp~>Ze~#b!X#g?{>m2Y}&bIhKT!-2-_W+?v``gW-Y^+Frcu! z#?-P#o34VWJgU~{TV_4&Aj-`SCNbzbRV9*-D&Q0{XiU0|Als@$y?W|4t-Y77%`+Wp z%l$a$suFZ^jw=^{nP>|6No@%ndeyT}@xw8|&R}Ih-`2)$-%K-%qq=);I-rN$@myMU zus30w2``;8hbF(6w={$*`H1SuCSRgUM`{f+yn2T!UT=N4TTp*iaDK26=HB+0OjUXo z*kKAq60X*J5)1KCiQ0o+cz|1@JhG^xWcI&*aqJ;A;*@Q_Vce2Zp~G+zZtBbM74UNWHENZGwjQ8Zh)iuJk2?xc( zeo1ubfGVEguK!>6?s(iZpP*wmJE<`$6xKjq0l__w4OvW#@xf}4KzfTmK{5xTw0$Lul01A*~)g6 z&)|}(u9Y@5xiPhs0+=!Z%E;nFYNjpO*vZZBhdBTYypJs@MC__6cA{K0+3L4UZ#(W< zq#wut000000000000F^)`3YhX(7=u{q*Bmyut`Lo{&=0|!&1B;r*u#}o(&w0M@%;L zMFj6P<}RF2CP^+`k)9(stv*o663zir;JK8|jY`}$tRvKEY$D~)J)b9mNk{0)4C$;& zDynyaUgQQ@E#je|g1|GfenwgC_$K3CYudeavQl-o(=&1a%=r1_guf2!qR9uY{XoMM zHsn}%=ae#XUbW-0?pa{cnY5k-JU*aR^JCwqUj8iF(T{cOD($fhsJBGfyTP!RkXI;$ zGIxmtaCbX4tc75&SxVy~^??ojT>pj|WJy*^AD{Kk%9N)0;OzK(1pQ=WA{`2n!p?*nE zdmV~IoihubT_5l55lK3M&%D9}%@Th>5*H@((a>-F--l6m&Psp)0z|KhwlJr9N1VI2 zcmlqiDvy+fdp>jxMzur(IKft_Z%8ZNeQuuTfH@$Z8gHT#7s1(vQ-KM6xPJqL1s zDjKTX>E}yl!-=_Mgc6N6yGW|NogqGxuq>*jgF?9~c;Z!D>fOV&LfT*ESf+@w-bW(9 z9jWDnzSJKSa}dnXxTEh+&z&%#3AYSQgMvT>fID{H2&?W*RZtLtjAR;wjK|V|gRS!t zTnfEc#cSMy6-kOiv@Gr4_*R$m1q~1(z==%hK*qP(`INwZ#9#Y>f~tLlu1J%rp8w*%)@APMM7UxcmLJ;&9tV ztlw0Y)gHEp3vt?Q@r`Kh{h*=&63RT9j!Gi-2_}$rNs_fi(bC3xbU&}cp?&}}iI4yQsmK5Y zk4`Ims1&nws1-Q!n+)VmJ5uTuu!{@wH5uOr65S?BU*l@g%M^Qe<$l!Wq5iX-F)bvR z7rib94yrj9obM%72iB(=w;S$8TdI?)wn$9HDr+x$i1C=LCllg93zGGe0Dqa2;cv?p zc#h1O;Wj;ApuRy-6TRm*l4Dc${1l2#h=RSAqq4ctm3P4mX$ms+WxWzcO@&<^-1f7} zG;){n-2?N?kYt)E-4cO(w`>p_j#%T^h2SVm`UKPm}&N79oP zSDIw=Vsm5_(_3Q}?afzz8Z{sMzk$o0`$WG~J~3vD-bosgXj)56fopEh|0G(~QANhv zvZUmZ2dHl%vlwM-mVz)QJ)*~CBCky1HFP@ z(i{D^jS-kqwi1^FHl|X^3#5raMvuMV+qqNypmgvE)x*p%$Nq@N!Vax|iDztOKS(1F z`;@@^p3fT>ZSuR+I}x-#W}w3YnGZl`Jhr8&n@viZ5)c)0vr;ABD%*N~K`VvzKmR+* zJRj_mB%dogPSOYPy?QsWXXHt40|IiBtZMT+?`dFeSB0PGYYVg15P8NqExE`d*D#>lv4Do|Dd%H^D-yGt~&6`jue){{^L4UP%*Zb^agu zY2U8G>v>J=@>y_VUD%66NMibRdT0P0@Z__f`z+qyvKe2H-$(gf{vgX z-{1fM000006+Ejf#ef+A#AX4em~njFmQ}Hz2~j84QnTU0gh{%!KZ&CLn4l(H9}GI3 z7!^-cB)HK%-r8wpGi8F{bwR;&WIG1iyHI5?Y0beI4=p-2q(K%rFEJMjX6aA z5#3M{L5zUEe^SdpqN=DlSAqsl+V7=9Zg@Ynui)^*wxO}3QaW5Db3P1|bYSEg7CDD7 z5mPxaiBDg0riBlkS~I4Ff-rTyOQmybBSQ7LpjMcujBBbhcdst1H8-Hwz3|%goEN~Qn>H|<#!S@X|m|nAW=9gS} zpX&i&r1tI1CPfj4mY{Sg6LDv7Q(oE3KPfDKi{8dJ@0Ojli!Jak%&)?irSr_{bswD^WlE1jtQoURGF>fNmS(gS zN%pqgiX(4bC2}uCE%8WHSSsp@LbOuHm(GC)Wy83F{2u^5w0=`LhzN#gBn24b?v&*g z5*yi`5s90YY8S56Put^DCvlE0CVWLC8}X9*&U-o;#NFV$s5X1$olR{3o8eQTA}sI- z8R}?r2+1z$kS0E`25{I)Vy*|MzP8sEdc8_W-84J|HX1kMUIqeu1Ya%2We`F6$V%kF z#Pz@c000000Vv4SS!XkTknMRu_7OzTgJB+l2$Ta6mGT5T2#=r;&YoJF9Oro!#pym! zr!r+;)YfPUrgXlk$NDJ6dvZ?LFeDw!&0y*KNE^SIzDjC2t4-^Tla7%FrTuYNhr(3# zfUtmRkrJ(Hp5@6>q5%uWe(i0D+9B_J!i6%? znW#J+GeHd#SQt1{2~4yyQAsvAaQ{d;EQQL^S#A^Ek9jAQ;C_GP3a8N7p&j0pKidj+ zPW57r|J{g1Lq#H7^tZX!3{5-!b-BZHr1nWj@%*=g4;&iO^x`b=7L&n27nfdGv7sIp zvQIe&jAJkQ&QDcA-P}O$$hfY_dpaqOSu`F5)Lf~fN_~afBP;t0CKUC@6)ux9I`Lv0ON|*NDlFVP3*tiW7z3+qwjHfzAEE#?834^o)>F_Of4~(Q zeaEnc`p=%?zv_0uBrdKwB_sbj%ODh1CqeAkePk0$O7tq4XCbulrNiD3z)F@rmb3Ms zMn^|<^D39&+}#O!4bu+XVGs~R1ty3Zrsa9_8hEOuw8x^=`m$n*u!9=|PolWBHI_^e zH}i?+F?6_VN+RiSaP=HGsZN}ZdS@S-_rn781apclBWIsvD&F9 zM}d2~Bn2z;%yOhc=`05_2bEWJjt7{L5qRI#B*^Rs6rtn*00boq#v&f*&q$QI@qVFo z;F;f4XA{$4xM2ByypmbRE!8FpZ3fgmDNNpPMCbqj000NjTNdjQk(D+)hB5rC%9Lh| zUPe(mfGc~(+n5iNro?QrDLHVn+Tp1{_x)JS3xE>N1&_-;^?(1Mw||*Op;+y9Cj75l z@SVqA%Q~l|ejYQzg;Ys`iC8S+V~r(i1JjCc5Z2R81oZUFtVw|;YPE#Zf-;vgT^J6aAh$i5lyVWJNBu!(Q*TVnhRP6-Xlro~E)LHSWjT)zY0Mn#3gurPUa{eL| z0z{13BV0Xb(v!rBqWeSOE&I>HyVpIrtOsw{PH8B~UQ^QU&VM7T1BcY`?J6VYfn?B6 z)nvRdX~K7=aK#}j7DV9(bJlaKP{vKddR}aen5@QVI{SN=>(905q>hW};Fm8k3FYE( z=P`n!T@@bV4*<}ln-fc6VUj4Z`<%Wd)Zxr5VYxI@ECRD~Iv)`5cuMa2Op}j3s;fnC zX-FG|;PSrGVAQKK&oxUlMpbKdD*fkbtLaA?`SgK`=4XwSyLECq-eCjaVWQ`ixK_Ky zRh8IqizoJO0_092r*N0Y!T<*5WztJ{;RdH*HyEd3SGK9zJ)yXO&U+i?jUq)R^lv~6 zt7qw6ntgKWC)huh8X2jYDJ=1dTy-kz4va^4aJ1Iei`;6=%|HoJ1Jef+xhLyATrjr<4!rLj2yix|>K~lHf z@9d?Qd7o12$Zf>n000000x!P!Yb4BEtSqn=>&v6$RRp4xLzfWn45b!>ebUQa5p73@ z1W_;%py-POzHIA1*EorDlg&DGC;bqa%A%R#xT~^o9PwWC4vIs@v2tMImX7O-LE>I1 z0Jy$!zQvk7&?{iv9v{gA@Bd*2zMj|@HVSWL#Yc=eJ(P$v)&jv*yL5O+52_oM5YyiJ!wS67NH;=HD|Tb2 z0I>G$SMk$OQagA2jM2F3vJRQdKZdNNAZuvs{tE({lh=7>%B#&?V~OC9=FQ3I{)Z zd#+lw_6%cTI#IBM3%U$hVJHD~iJ?dJw0HT+%g5C_E}8Jk8&Gt^g>UxyEwt>>?XdU& zAEQh<$;2$P%+nq0DdlvX|1A^WgyLotwX=&Fi%Xer&0zR$L`N$MaXk@B533O72b#i; zQ?G#zl6js>ecd}^aAjT4-8rOI3dOerQpDP*exeI1e;%c(V!SHui&a7G=HA{xGSb#s zEvK^7#I(nC@0t^hh0&2%D11jRr{H zQOn(Lzk>#M5bNuTmBx6Y(JR(#Zh{>;H-+7AkI0E^&b2=?aQO5r916{EnV&X0o&(c% zCo?Tp9WAnO{RzaW@)I{TNhPF$hNl=+?os?1Ijx8eOVeHRCn6Jh*{!{wC53qgyw3>+ z0Vy=ULG9#D6FN8D4<@WRXzDRzXGCjcSRy*Di7wzCpV1g_sXkDBwjCXK2D*hgxl{+f z>*P}zt##7mdgt3~g+ncv>E`gIuDPZxdtV@?&c27dXvfe_pC=J|lBt;)JLF-?s-hp3 zk7I`vu5;wz^gH}Q&|@N#)=1`V5Iu+~^491$CaT5J@Hy$g2S=jf3y;6{YX}V2;!K$V zvfOTNS|!iorfc`0QQw7EIsR%G#8&18v-J2d@)pe;dp0005x9kT7D zDIh);R|$GikFbrLWU*BW^t&(+GJGVOdYl>{uRZE&9p-dMO)LD-;Tz*RUgNNN??ly&bv}U?S+e~Yg z7Mc8pB(vMEwg+IYnTxVbyBe!d+`kK3Vys1g3a?ZVZmm-C!8t{6i8aNG%^BQ+Vz={g zL+59$ty>*&wn7DTO*#W68_vlS_i(m>btuU6Y62NwjtsJ0TLN9@T!oAs{ky8ikZUS1 zb(#lhQs`BLG?l?739a6S+8f0w9)E&TRV0WEylDCLs?D&WDz1R_2ONaf{(|zwx}rt* z+hj?d6GCO!ewgUuH3XZg7#f}{hll}!LBZU3?~-pO6p?9=4kEPC?G5+GJv>8pgu=RE z<|U&0l$k`=>HBI$wG>f{*sq<@hfTc=F7E`W6Z;bBIp>EH6Hp-i4bE{?DS+V5se%u+ zY=j0Rnw@qp#HprWnMLY1q47XJQ2+K2936t+YOngd;oM94bix?RPUTQ?*5`2 zE+(N*e;oS>g2l;pzlL^NOB`U#WQnTR^CHy{?MHIAfdxa!q2mSf#2irn`U^}K)?0G7 zodoiMXF)9udC|=sH59A890a{;RHCuDzPGV`3XN{=#&qQDDqmYKhrujpeioNfmh1q8 z$Sf}x@7lr&w|ZKB!RX)t(_cfb$iYy)c;>9wP5Iv>-HfLR1LzjS`+*_kKap$c18#lV zYyc*ePA}f=f~?&kWnd7=Z(Ft z@p=brwX~Dq(a>o$P2xn%9mNks{Z#3JQI;V4NQw{qo1`c;bV7M%)X=WWVqYzmL>i{b zwr+Yv)_HnB^F)?Hs~@~Q!*n7jQKZ$!+RLWiU2OGflcYl=2WgqPy-7A0z2gba-AQf% zrE4oM$v)C%C@M5^U1?ikxc~hFV~efLk>?Qk-Nj>H|3I|Nr1R%P98mp#pw6g{wIHKR z9Znx@(n4S9*_(tl0?^PP0000Sy6Pg~GA@1G#Dr$fv2TJd?lLQgqfI?v1>PhLuu+an zzw#iw9k{~P1-TGo%cT^lMK0CaWAPOYO%z=JK(Tt2UWN?Sr%>Q(k*V8<+2f~CL6lF} zxDauJzzzbZu6Aht6mwuSkyMabZYd5#sQwdK5XhEo$K@zGfX@J&AyMZhYnVxAIoT$~ zHXE6dBucTgLqRj8HOJx-Qg*#?v(-7=ufg-xg75dX(wvlq5yj8kQHZQVvN_|PtVs}R zm$~6<=(2oYPkkpl06+*4RGTd(O$U^e2=@A#l+XUiK8d~l-YNK_TSF~CSFk38bPa=N zb=%VGcj`__Q5>OoBZSlalYFmU4;QLC(G?YxT{vf;YEM{vfeq(aa}5rVrc2-m*|nLn z|3+zn`n5@cUS!$!wLm+xxx>}NZ0SC&9Cfi17uuI0rfAiFqQzwge%-;Ij_?Dy*`-WH zC-n99kmhj$H0ml@3r@}br1*9l|7Iu%Fp=n8ZcUML*Iegh5k>K>j`x`m2Rwe^TY5-U z#kOrMu0(8iITQF4%**~C3P~-!-fssw`D5$eYil7R{d;N){2nQ5-YtY>&S@_5SK|d) zMv|7j%aGM7+VN={kx;+sFtrFzC~Bh7?qeSvkp-qTol{9)QL`{>8KG_nQv?pip0RGc z>i*(zK=|J5ILPRn|310Grm;s4C(2x>c{JbeQAWm6|uGWZ#z*w>%~Bf=$2Gc3Tif^cnKCk%0p_Y0t(h`|OUxEJ zDcm~HDstH{f10^0X+xNM&>A75(AW>#kAq1>OLZ@RukaSy13%p;;rowDWT00U;IwS~ zzj-U^^o=k~YQGfgEiJ+^wA|W>RSdgmxL&3>6-7BZiG7!kHq8rTtGgxB<=+n`oja>= zDwq6ttk9r&R&n8PO_|Hxq}%HsXZN0KEXUYkQU+c?Irm4}743s4rctVEKH%v#nlt{fl2#8_EGP4MY1k8qctewyJhqs|82kUpabBPLV^I|DYaU-9{v!CGe6i=xF79 zBNBmSTsDlyI{R3C>dU1jf1bxv!L3)JA(WkQ zn=m$if~(+YI*Mk6QR9NPvt`dYGm+q5cdHgSMezSj*K6!##6uS8nJsrZV!#?AfYD9M z^&9L?6I0Qt>R>D$%X*jK8rpzJi@1$LJq=CMgiCHVl#DV$@N|RObpQ!H+Y1*PR5E1!WOqS=>|^SFQLj*J1=g@b9gtp z@-i?TT`hsLW~e1P`D%fFm8r6~B;l9|qEfI9x)_sYC$qjRUFfoHM8JDw-Wr*O`~GTT z4p*YFqMuf;MRxoCP#c=EosT(Sm$;+;C45T1D`pdO({XKhH14Uo(624B!33ZH002SZ zO^~EEL55+SS2Qn3I!*lm+j)Lj#Q;oUwmeeXht-66;JPnLUBHo7`<$QhKxVnR8S!;f zCu)azxHAC)TpiSCQtK8khM-ABGK8gqIXsh0 zHqvNh$ff*2X5N68D~>1|xQ#6chU^mSSpC+&ejfy|NKQVue?-ERTy4@tb6S(XJD(vN zCU6xNHY9Rp;%Fm|vJic~i6(lIIgiAZ)$`}UOE00~9tL#RfntY{FpoLF=E;n)dr&p5|L-`{2zzg&p2{K zQl|pAlWi~b95{5tOs_H#R18rt(X#tZLD?Y197!%A>znn!{<;}>v6DHM0izxOPTDfX zD)98~y@;3_vcwLHZdYlY@5ZnTR2SZ)?x_Q+JtKqQt1XF$qtF*#lz_iNS!E3#_3Ocf z#3$<(jWjj}-m5Ha?QJNYODw8D@jA5tKlXW}J?wOC7AVZD&TjeAGZIXBU&?JNXA~cT zz89z%gjufbWF4R?6WIKq=S{r^Fa>Ow0M?=c*Uk_S zT@4s5%Ec6|`ws)TVZN7&{Tw?pO1g{Z|J%K4bitWbPCw(kKWO)W_cR^M{XVZ&I*zWcpEue-e3s_qRy4<+%%Nx_ zisrflz>$rPl$({T(mSGZu%x-bi22)e?%fds-%BZlkG56p)M7YWd9VnjA<1(f|Me0#-h>XMNL1{;x>7t*SaFU(2akwV_rqUn^pV zsr#WEfA=sQV-CZSeqR^Zf7T###V||*fN+C@yXLj0iIH4mf98OxN_WWkdQj|y;{U>1 zeQ$H|s)z7K8vF1NwMKi~7+HBv1cgmna!p#y&}6mjsyfc!ptHWO?c4o8tESIRGHMDS z*hNCAMh(5`(SDp@TC;y8Co?x9+I>jmbvT-O+?W6^!Y_f9SN*4q?dtx5|L9rAj$@;2 z$mkWFI`np1B~p1%y97xrDb*}i7CGAa;=SHPZ2so>?Cc#ea}V5hoK0*I7kS!;Krf6n zi4$BDeylAWbk@JTpZ8sQTdF~L0Yv=)a#WQ;1UaZpyvUPCgd6T?u@kET`EUB^QFV-I9J z!E_?(MS2%=fYiaI)f^B#w+;tf3qeIkpLRdFT&6A4w>A)91c-Stol?U2J1!8-&ctJp z*T_40*^6Hrat~=!Nb%j4U*SPrp;2i9w`qMZntMJUJ+n&RKBVE$Kq5O~MH5Oy=2*yK z>f@hL>`h3>lxWyl>Y+>=@gHO(IQn5W;vhY9$aMV!8xAIU&LUAOTVSHN-refH1E8iA zDJaIwg{1Xg6C%njci&F)XNg`2gGLEj+_idrI|9EdW@LdV3@oX3qVVrZHB4s#489o3423n;e36CwG@Tn`-~a#?b(7^9FgoH`i^lqnWAbea4V5~uU7jYOKaXMzyYT)F!ZSmTU(Eb0{8xYfB`)Qe9^(vkE3B}NT zpxzuQij0KQw0meAuCH*Aco&dI)c|ny2lT)RO%;yx3fNAh^ zKA(SMS1oXRCX#*nHzHMQvGR}r0<}7z(FOGoJq7bHoKIQ|lsR{*E9A1GO~0*=r+UXh zq2teVW2)IWctYVYDf42=sZH7Sp=7sQ?r|4{qIdClD`+dLrGz)KLk;5TBCBlQwqCc( z!Bh-5WJ>2G(0j?Om;)?{P@DnzWX(c}o`{QKx#jZQg$3^kEg={ZrmkVmZqZWsPR7Y~ z$-*#27{Hc5a%GA}{Cz*v_oB{Mj^Nh&w**J+~B{(|W%08Kmh!OFB-H8cLcCjDSLaqR^(lT-`=cKvJy?4E^cf~)l+vh;j_#%=s44?NB zQ3u7nZJYoyj8Y#Q73Gl6;|ttMNfD^w`l=1h*8Bh8JQ`ZvsvD4MpOy zc`-#=Qa+yzk5R^*Uvmbda-&eMV`gI8pJ>}yqv>>wtECm_Rs3Y+1y_R-hxv$*Pv#&o z!=}I);5bT)k@0cmb6wqhQu*x~OOVzObz=QY?*MhPe3I(mqx7cdhQI{2BLVD&5Ac2c zuBH~qL12(1Ep~;l8f4%!aE@wE3f(Jg_6h`bt%A+s&-|{_I}!X|1B$K^xh4J8$Amf^ z0dlVUqR!!c!f`JJGu?2P4^jF6Xonc>nv2oU!xeLq(PGmVjHWhtP`Q^*H9S9!;(c}M zZEr9XRox6WF8h<-E(nVFz+s92000ELHH5^w`hQ;2<_Dkg))0`{`iG(+#_3RbsU*o8 zB|`vJ`_|US(Hc{c?EqrCp3g*eoU+;v*XpJ0WE*n=Jad-*uy2k}*FPE%a5 zk4~9{c$6nS(4Pn&1iWJf=6vfGl#r)KRV5Jy*nx38d<@q-SFjx>wJ9QYrO6OJr!#ck zI2MMvnKIA-z4KoV4gJ)W<-mAGDS%&FAVSTWJ8DMqHSYC(mzF~}Giz64Ep?XGuBxp- z;`zhkF^(`~RQl%CYcys1Qsd#Y6I z3=IcP)#mn>wwt7ee)ZD0F41*l+qs=;)lO3H|Il$rhpUHrgZvWrl1V4>$T`MA89fg z*ne9o+R4}ihMO2(@y3q^7vqE9#=(}t$ZR8f7dY57w))=`9YD!yYHknM-CR5A95ANs zA+vx8X0cN~CKrZWPDWL=&42~#$!!jQbCYMYPZFnQdO@BR2np9>arH;I+-38aIQ*>t ziK4+R#cv*QP;2WxQlV;Ku4f7xR5dG_^F)2ilqNTqhuc`fxHrs%bvjQ%&XT?H1{8^K zqwvy_@KRl4K2}h&SoFM?Mt>DJAvx+KWk3uC(%L#)4D@{jwg*zlbjTRln*sBRrVD3* zcqJqfBLSYhkH$u$5c{evbcR0dyP(QyN^5SqeggnTK)JuCf$J(KR0w*#sZoT%j#-H)rP|t%^5fMklALJArQ(luaBCZv0VTF04Yz(zqhAm z){8=(Uy`-=^O6KN@OB&LIXM1Z2SXUO4Y=gKZee&x8^GJ6{MAfnJ4jvfx@PEtTi}DU zRNgzg^o2Dsj2?zSsbe*8P^&s87lOEdq4Xj5_xKg@qcXzRlzANJw!$b@Llo zlInY5WPXFJcie1dwqS%I!+Wx!xXExQnY;wgT{U_k3^%om)ie!DblV#e7U7*K(z7g1 zi6Z-z#dS2IHegO_1B|Ke3XS0O+#9N;)ZY-jG!WEC!w;wx=W8SHX{n{1LZ-rZ=8{G&n1AcS_ATh33|JnfBuz<$O%t9{#+CG9pKc}A;A<0widoGFWP8a zt0RnRwGLkaxw;tx~bO|_?5o6{5Lg3KRqR1qx8Dzo~eW822 zuxKg(vPX-5dM=7q1jlUhh>wDI3-fX8Fc*Xk^5fJgOEVG3cZ&Gi zN}t(ROJq&tIEqTaE>Bp4i5!fm ziPQy;ZE(v(Ld!VxXTq(#7*gFkX`xO403~IhB`xyfGsdITak=eKeri`b(!dq6z7Q$k zxSh>zyVI6W)fj}!0G$$TbtUhieL)u>2GK4d2m&F+-JY;Hm5k;W{usivcW~FSXkkBF zIq;%OQTF&`CF?AoFo38sJ^=+WZK1S=5;tn+j|GS}W>=!n(nj2w{Bi+si}RNg#CG@P zh|{l!rp0E()1_0k-m%M>kA{pN=VNWha&#Uads;TzH+DN><(4;eOCPnRTrv-jUs^iXd--E04KlG1RY zF^ehuJCGVuHxIk^8<@HPh9+n)ngK&FsYUl&uAf{06vM@li;(ya-%Oin_!@O#Br)hQda; zVJq{HM~d%&ghgWKQlm2_v7duVS*Vec?KB>ZUu9$#F|Po1-AW0@;;BAo8_)oLDiLw& zX=d8EE{cQetVv1c)m)p)oW&sK!;olz>T9@zTKw>sS(Mka(X;|d9THR|_3>ilw!hQE z0hXa-v)+A#bip9J{P@lDa=6^dK%)Z)_3un<`~zmApBDai>JjYU6gt4y0AS)hXV0u~2EX$W7l~%X?}g_4-yh*Lp6{SvxvU=Wzsm4_g_xbq^3lTrNag zhNEakMhJV=0WRqY$(OS~As+Nd6cY*h!3Sb?o`Mg@00}0C<`GU{3uIuCae9pAFTJ#u zC;x{Ouk`Dk_(YrlZfa|gfJCS|0ZoEFX#WbO19a9G*MY%$b2k;7EW7-U(0MVw0)=51 zNausUD!jXwy)?4SpirqZbB$?TGW20%a>I=%001J`<-VZ)>)@}9?7of%QeXOQ97?)! z4vZyNisLLumoJqr&xeIvqSZ;mvV(S{XRv_LkoU9pXEgT-H6E6{Niy2T0kvCG!|^0P zZiRDB)y}i0;b|kQzBbzK{<8ck{}_r*fJ-9vWunT702gSvBv0ic95)^gb_NASl|saZ z(CDqiqOUH`VZ1ws{5&8E%51upXX>nX9(Uh@aKA%Qb_RR>ed-wbJG-v2wI}$Yq9T2E z*2C?pTaW$C?sMMXib(_bVO5nG7RsX^n)b-trd9{@?WBzxEFuDLQSmbPk<23TFI#A;ot5JWN|W#bRkH6Bq`P)dk0jNt9J{2W#x1Pwb%OGlMfs$JS_ z%P{1ed;&$!B}`cvsOxzP{p;#PxL5D4F(@zb!&wVOzLl7gJ4+?|fCs1?wvP0B=d#-2 zgd~~+4mZ28G+hsTq=V+MebB62?t-LT}4zog)e^ZEm~39Bg<#_dw9| zsY<3n*okR?qsRb!==v^_k=0oqUl#WHw|2K5O?3FDqIF?a(ei+v?Ka#Ee0S!c_j=KGqq z6xl_LUFA(11t2^{8OA*J586T1Oy^6aX37S`fKa35fU<{vCn>G0&DyY z8~^}pt|Sbraff_DVnpLSbIw0bpu-qNsPG%sQbz)RYFBKTH1%iz)nXbOY;U}<=7gB{ z3cqY>abQ&rp=RtzpqKmF04dcY)Sh++25-Kpt*}El(;saElZuemqGWYSp#86b3zqhv znZJNyZlC}hIEE?(Iz7w-zqHtFTG#Nuy-Vma=1rsZ!s%z(-{B8b*D4`D(3G8sOl+0S-8YkoW_}pDdo|ddl#4qV8OfeijCDhS<+%3AGDc zD!`lB;QzZDtxZEhKG$^5Gi>1k)&j<`08r+>*u@}#2ebLH9X8Gb`i9S*U-9M*zO|%> z7ZneOSTq2608Q19Bi3owdrLq77dt@TAqCIzr6vbWcvP-OF}sI#9zT)@>EC%+lKUM2 z+w^Gua%8u{+<|evzlS#g>;1NtLHX_dy0863Dm-dX2@p~s=Jyc{$XD7-TU1-2f(KM? z!{{4R8CQOww=?=;IJZwmM^h>u3@rdQ{~e`+|Fu=ZGX6WEHN&Ty?5_FS33|9<`t(Z& z!!?V1A-INy2XFL|nedK#e-IU5+R^jw0#7Pg6+Cbd#I$N(IANR#u>QPoZtl%e-NOcV zX%YUAK9%o2s(*+M=iUJ%GV^;pQ7`y!KgV9TEm?2?03uAWmNaZ**&H4U>Y|{Dk6u*R zgP|YLsMit>354x@_oQS*2drvN=dwE$h~yh4_FZnxWiphR_pJojmMFJ&%5o5vOn4{$ zplHUN4kMoW^-MwMZH4Hr%J8`ql+TDf_e1bSXl{v$R63`15>Z>^$r>3jx=xXK*?30Q4$}F%60`Vau`xfjo%wqZGQ*&RHodF$m?e&@Ql#Pa&%IjR+ zWtT0@kjS9*ej)(S&AKFG6*{BAG%l~+o?pxZlg;&1K)b8&cp+y#o*BKA31zM7IY&^^ zX7&5ihcX?W-N?PzZmaw~31F*}CUI@4Gv3OBs*TB6k{TT}OP^f-} zxc;n=4y1>gTOKGAni+RFm;zomO>U{ic;Ft|+GipnC`Q~J?hO!Nn1(}&o)6A{PzO9* zzFw>mGq76r1ppR>VQ$PJZc(_X6Kroo%P?YSOp!LvKN3skhjb?=jF1#bVPF-0pBtk= zBPU*&6|b5Ej^P6UdN*CGZr-0cP64_MXvq^=tJ*8@7@z|5zmc!*z|9Uwn99 zO(?};&4#n>hI)WsY^5uM+XfZ#)RZ_&=1I^KILrs?CgAHi@9{weu%1a@*I|k>+E+ng%!aq| zfx#xi$f?0XwPE92DSZvyEHR9l4TWj_O`Jyzc=v92c#>Iz72z%HhbDmP{Z`~z){@>w zQAzX$5PqsWa{*vdT3+>Z-R=GjHcX{k^e} z=XqtaRNvil)HDkev+>omQd*jIMA$4cal+eo{GsxLMDd)RcsY9a z^LzsOsTxFsp8$zBA3@$-E&AUVmi~>u(VP}L+KtGz!UR(qUlDMF(yq<35OgIZA~#sizVg88b;+@1vN70J$gNr!IxKML8S$*W5**zU)AqiNpKI;U+Ig*@`o#y}aFeq?l8R>j)xL`ugz;du6YZa-8u`M2j$@ z0gA%{;XFPD51y*9n6_r{%N#De?#JmTF_(=$+#b+s54fGowz;46s2QwWykYN(tAO@v zCz!j92f5cI;`uy#eSfSN{7gU@ke2lF1sp$qvWQLu-sy~{C�LDJ`b+nak?!u>i#* z;xeLN9O$zif%E_XIB)<|fR@YGtB#4P<2xSeAFdwKEQP3dE}&smUN}vv4N$yOU?co+ z0FNnsgJPy`J}T2(@^?@!)t@RRDdN={YRb?K@wafJ!iCP%u+-dPofrt59(4d4{G}c8 z!kl6a9zKf}T6(#NR4H7`|C-hLVj^Dpb4BywhJZD_;T>%*d-in!V+;_)yiYRb@Tbl~ z2rjC98RD1|vM&W6g^R>m4DBXIb~_R~AgPI$@`Me6wW}AodkzIO0F|Kac2Nnhzzn3l zVdr$gad zdoVQ!>lLD$-%ciB4lUtS zz!8Of)5^rhz}V~?(LG7y-XGENZ{Xw+(V{OU@MRh0{N)<+)HaP+tSj+$Nn5Ih@V<_H z-oX*=ywiAgpYaezM_>#b8dWp0NSZ^4Gv9W_pRGeWA{QG!hf9suuu?bs`G0RAQOWBa z5U};g2Sr!`aTboO^$%o$T)2VaYgTAVkz7>En`yCZ#*$k(OllxA zLYZlCzE2>W#L?kK0nNQ8E59c-%8^d_oMB<<3-JkAPM zGHq~q`MiZYlSB}EKGDFY9n0JVfS5~bg-2MmVLZ{-H^Zd2MFdcO-hAf^pJP~ z2GTXe?C3WB<*~p}DB|Z0o0L>6FVDNIPd-)Y2kj$ObfX%$9s1s*UPW&t1&|KXg=v}l zq)eH&oy>-rx~`VWep;>2k(wih{u5TZR>-#sOXQ_pAGLtP_~**$-M0}v*A6DmZ+HTT zAdiG@XPmGWqODc23zYcj7oCgXUa*W(C(mC1ayVI!@|%xo;Fte`FKDSR{gvAl)A0P$ zcUvz~p0gh=)$_TbTMzV~407slbviE9mZsD6@o`+~skJXZVHD14a|I{il-MI?9clJd zm~$vmzsej4=2Ja3$r{(_O3f*rYaak#d7Vk%U+Juk~vu>Q&@)?EJai;s%B|E-tvYlra)<+Gry;9}0xfo{`fo$H}`1&0o&(%kCAlXOC5 zR@YdN{;)p^wR$5p?gV%i&lBQ~?)*C*78jPo-15_;9D-8&ACUNf9eHi2K~@@Z=vgME z49-ZDX?PIF2{Jy>>p>amdR(rU9@JD|O`rrLkOV#Y1+ zkb^j3>SzIVD*^vsgQPgCL;IwgN`=lOojfJv*Iq?4s2zn<#>3z=*<|(^sPF`163Y~Z zd5{I70V83HOxPiN0CevW97d^_Y4AhRr}-Ks=)L9=7d+SclU)|!5{)gMC!l? zb--HUvQRG^vi||n{SS2Q3Fo;^lU{2q>G|+@4qL*)tCxn8@I^BH zz@zT7$iT6KIS7e(W@Djb!)wf_EfXkoBNa(mPo2 znh1Hbc{=W%cdsJoJ5B1-OXMcYs{Pj5)1^#52>c5CfCe8thLELZz+7iRW4o;s5STwd zjlT1PT)y8 zS}DOTR^$|G7rJ>KmmgdUYL`q@Aj>+pv7D;Nb;DB@|y=^9V;G?^@5{1LG-!|VZ_ zCVJkko?nlaDm*N0;94dDK34TBK>9EYD@4C9hmz&LSpz`Wh-V#rXegwBNod?KVE^il zSk0fd2aLDZ(4Yl|(3}}LzH=D26WcZ`tvK6;vI{)oritI#CZdbpLdY@SP^e~HYHFd% z_5rgp21Qz}hg-7m^nvRbK+p{$%l%kisOEWV3jVv!=8|i+?X^$vH_2=Ahj+be{2&0B z{xU$Sadb&IMMU6OEWZD;IBwpCW{%D=HU50@CMvl_007=V2P#IApp&LoY-h|U2|Qjy zWq3_t7fW^yB{w&!IfX#->|g#re(9FFD`+kz9hb1UeJ*kem-c>M=qF0@PPHui3f9aw za{<~>)svFz(EAyVih&nU_RJGbK@K_eSPY|AP((XRk=cKptI~MU&E0H04*;DaCBa}H z-kcsyWu^-0RqAQ`G6NA&S=?C(Vx^rdCWQh5CiP9*d>;7ru0OGH+Q7^EhCJh)mcb@r zTuOT7ghZ}dY${VOxz1$u<$y2Q|H19>5z#L`AEE^#X1IlELKDix&&(0S`)fnDm?5Sh z5eS2%FG<2*i5^}#)a}h1HgT}MLf37gd zowf)mtXUUw3}PxP1iDWSAchBfull1A4TmXa7W2-zxKyb!A{OH}XN@Eoxs}k8LVLo1 zvO=N2yPp)@;^rreWmIMMnSI?>#mMp-(Dy^dSk$aDh*&Z$OH>mW8l%Tc$!|~4D0O3- zNSY9r_xKO{go4%mz=!X8Jk7n$oY_{GyTJgo*_27O`)3ZGh*NGG1wC?f}gkcsyS&BOKvxokKkPyaQ(P6~Rz^cV(7M)!fR{90| z`BFE6dW*#ahH~cT6hZVbF7BU^0}eT(DBZJ=0P9(6dRv1h=-fLrz!cq?Jw3N3{&6>s z`&cogdIBT=fr!J71qgWlRf(dJdkI>~6M#$=khgJAXcp8ztZOzFso!dI1t|x-WhnJ# z>Vq^D8x`CL)HLMkkI>Wmx|^D=m&0XEQ$(t`K%E#hS|5aAfKL5*<{(P%GaosgUL#hB z4p1q@{@C1QeD4tN95bbd$%Q1#-i9zZO>I%7`T$<6kSl0{@Oc;FPz(U1XeM3{h)ltrLR4wHZ zQk%%xAAYs(GV4dQ)LU9wOzeYQ@?D>uM;s?x#K*P}BqLC(^5Iip`W)jk*TZy*sFMti z1J`n^xGi>47#m#QRAlJ+uScqH)>-Pbp6YwY*Gd#OB*WDn%4;pw<9@Rn5 ztF=TP)B##}G1%z~x`$wPGB%nHuJRs`F2p#~qG5?VvPzK~McjV~PLt*V4CW_CQ}ou1 zogg%&hSqW&ov1J{kB+xEaVZAgzJSA^KpBDDoQY`{K=Kg-+ZgIcaix++O^*59LEalz z2a!$pV~SloNgiQgFHN^D&zdc}Z; zk!+y&Fdv#{i`P(1BbVFDYMoPEhh-a2PG(or@$Q|RwT-1WBEQve4Y-45c=5#_Obd_` zuX0`g`^Faul(@3xp43t%WeqH8?y$I|K2HXa+KnT{ty^)vt;T$-jsLXt>(kp&zmJd$ zLuP^!ZZnFLNp7p+_i1sbqZF)O!GoB#diT`keR(sS)+c%71ld=2{4K?3JfK38aeL5} zEJeCb|9U)Rf{&*LLlj2hjHjNUyH3N(9OIA;lPY4`-Ol?`XN2iZ}J4Dp7I}vV&$nl#F_MGmfHEU|CkLdnX)z ze}$KneR+g79C#ze1!;Xbtz;CM;QPULQTnXA3(^lWp(-vwYn-S|r;UPVN~3`rSP=B6(nXpuyLcyQ=URLbI?yMvCTaOETsm~e#^vvE<3Zr z|Imcrx~{Cy$`m&oG|;Qe=6d@j*R>GotY2kU-}!4e29GD42>1oFZ6jn_}T3W3&t&U)2CSrV;O9505h0i19o4t&R*R^ zPiUXAm2(dk$$G#E+G7H)3J}q@AQxukF_d(K)IeDN%Zq=fYqS$%iD0hi zHjOc>o+zYK<8K*?jl!`hOFGYl{!BS;aWo#XSMvKbt$Ul-+z}vunvMNpnggM%|s<1`yv1R_{5#{u7J(#!J$A z*%@kxw=(J`uFL%RthC@R{246TezBa0Q8QP%PzQ0=uUOcW56CN{y%wytIIf*mOv$wd}jrJ2vk53KY4 zYhKQEW+zfnJ{)wo8*^$46Ig^meZ@?3RCI4xMyBsMrc@E)iNS;U&Z(9%XG(@{m#* z;?iGZbwVvCl!VG8uGER~(HAgL?FM zK*g1S%dOKmx^?r~A)it^PXK(}3sx#|48kSq^&+?4f|E#;y9Qrdw~r1Z7j?@91aF<; z<8z@xSN+a(olX!Sq^%7Ma2eiC)w6!z50`9M#xPoklHZ=-zlXLJGUQ?3K%CTltPzVK{0JWOF*) zpg-UK(W#hh(uJZ0q|hvFM+5&AG#ODtg8owOtdZlXL~oQHZmlM0b3(WV zrS&obh)%7W52hV}I@nYd-=^R%eFanIOT8SiKAy%JW<^i8trs z*ye5ynXfy|h(QI#niJF3HjkhpL)_I@j)A*FKeYVTvmNr3^Xx^j8Ap-`7eyf#tEHMh z(g>uJgAGpS>j^ylVcqa~(6Rytki(;@sInJFiT zBZhFV>KYGjU%L}nVhYTEk)fog zrI$5xjIByMc3fZcJKTHjwV&WV+WugREgr5)?%76m<{$vhYVF|L6rVfFn1@lB+oeht zzMOyr{0&*_y7|Y$wj!Gu{e2#k3oY_0P1m#(mc(g>^Zth*LMc34S|>W)$NtHzh4D5= ze5vStK=Q~Of9h-jVbzuzyi(p#x5F*|{%0|-<6w&R7pg=#p%)~q!8ot|5lVNUS6VZ{ z{)&vYyQirnt&2iAiiC`N+#Di@=yBfy`AX;p?hCG3hdBpOE~>0llDbZm9J4B z7e3eFJlB{_Su97j(po9aAaNv8Yp*%B3`5;`MwlKMs~6gRq6*XE|JNlDbx_HMg>qJe zXO=3J=>|26)KBNG_NrMOQ3f}!ebfg`VNRe9rYxv(%F_Oz?ugm=3H)vYBVjjA3r2h| z-jQVno|`Qq2!K_ZE^k5wm`|g;Sv*tK0S_03d2qS}M=1l~G;@9idG6L`-;oTs3glJ4 zZt(GmfVn?Il(UoxOhX6u2clLs{x5y9CxooM_5#0w?slvB!Rfp1oVL@)s>GJ*BHQG& zw`w7Nj~t0In-7mvFFu2(nP5-<7|9g}%Uv`;6_#)cxPHvFfeTEA5TJhmh62lsuWjL$ zX|4;94?ftoIM*KySj*i}XAjX3B`tVPZ_m86;ZdxrWfxXT{V#)MtR7mWGYTgukNX~; ziU{ejjkaqWyUilOQy%x}?ZR!=ub;-1Zw|F?GPQLk7y?%~yJt4!1=7xbKSji0^y*yZ z?&-XS)EI!C?r{o1orT$mQ~=Lp^|yEVS^0^}Wafd>7Y+r9d_Xa&Upe|v7zNWdnEJ)| z33SU*9(P079F#MTBk|0jfX%%4`8wF|mvA+vmi5#uM*#1GJSiQQb7(e!fAm&`09og! zAKV;_0W)7faWkK*Xvns&NS4}!PqdiR9ueseOH8+300*|#NSF;D0ea6tW)3jk5FeD> zuwTK_uEO3=SxVA!0cx-ZD+Xqr*=Ir^=Zs(?<4&pa)JDM4Ew*FFmC~BAwDT?-RW8}M z(lg+q)h{7RedV9-)#@!1-6q04D+KP&WWo)eF{g>bTU;E6PWJDPTJk1;ES9>A7W$~X%Tohj6yvaHi-_uDt$3}^}#UVIe#Tr+Ds^zVe(Jtr%k0R(*-A*8?)1J>_ zGs&2%Cs0YzzUI`78P3ekr+m9DHa#~X-hdZ>^ZVm)`sq3l=P9B zFk`6+fr30s%!7@jG3Ct3tE6fM8G6h#E8KCLdU8vj&6>%YsCSglsuRIx@eiq9EcL~$ z5mx!|K@d|$mckgikwc%3#M#aeVxf%Zo`c7s1uhaMV3xN-3(fDSjVrH~Buy{eB7TG~`vl4w8eUjJ$ za6$!ML0rRvnVE&_*kRnN$(h~%b5AV)ttD_%bsN+9*`V4TtOU;0)7g;6E>_mqZT+MCzOA^%nUe*H?{_YLr0tQalw+%UY#eyl zqO57gXSYD(&B4J5pIv`!aa1lNbuEi2sZHr*=O=-@_m~A%1D@^mHN3$r;k#x?yY3Eo+w7r%2=_O$)*DUiG$!q| zNO1iiIeqZ_n-{nf{f+eSm2H)%G6!HZ z6hrE#^TGWt{ZX5^92ry|e6J14Tx=*Au40=0b9Eg=AxW3K`qJ`y^)?4}?y{$$$|D3Z z5EqSzqHL1Q<4ve|SP&g==P75~v|#*C@K;qdSr=*{eul!Cbauzz6#rv@n8Yctdl4i9 z11PORK-nadsG5X31U5%*2DAijL8v`og;2Re2ot(uivyuqaVT>%m8S9fl`sXP!H%G1 z_%hle@|Gw4?53SpaK(l!xg)GPAMWyXsZzs$3|7p9P6rX@(g7xQ`6h3<1n9o+JG*>^BoM= zuBvA8{y;^7LaWtLT|fp#5md+*#s?2VHy$JXu?)Y%&RM)eY%L`vpA@eOc#D7lr|ElS{2!1q>@5Qj1heRHPftD zh{DZ>pns$-&<)|-4*}`L!-S>>ivPJ>UZg3fX zrhuvD*o>^(#nPbay8u-&t4+fzJ~??&kkaSihsHOcXpRiWdg<(;Jp^{oJ*|59L}Bb0 zkE(U-!jT{w3uVv9lx;%lnpVNf{5T_VNj_R_5 zcBWbM^@18e=#t6(G!^#f?E8{$jI!Nm7_Mb`vv7TbdQEz>g0|t&S+9b2_T-haghTcv zCPAD)kmP3S^;wSM#v*3L8AcuTY#r_Mv|RVkv&Z!hpCVkWF}i|VSx<*M#(}8@hmB+5 zA?blXA?-+QRjdc#izJhSEF_lQ)Q-irJ)Z2BXBei29oFJHS#~eSWaGDX2VgsHlf6OM zM>@0kpqJz?-+624uj9kDrB=fvQO8y&>;=UA#2Z5tJA`MuoC<&99 zv+6fa?j><4WD`0cGKNOHsoeIL5x6ite^vQ!VW9Mb+CsZD_Ifmm2W!e=KgVC;_-1Ev zZPL3beLy&5kY#Uq3JP@=+fpjs-2mw(crmU79+GQBB&PxQaWgI|8j@>=7w}^e@TG~C zk8xyNja7$+oE-}VVjz*#PDTskZkln)Y_({SHk=0}_Rl&VDFHb0^~e$j;x5O2YC^}D zsra~EA^9nq_rmcAQvO<#Z4xJnY`Mxr7sHrTIVm)gr|Pl!ZLvkCRqt?{&x{i!ZYyjQ zo5M4!$cokYpCtt~aM&)^Xh%i9_!vt$47|m!CkgrEu427+66 zBrH7GKSCK<6zLWTnTU1TKMYjp0^A-z6Mx<%vH`jlcxz2 zH2$7rW3>&m`RYT%>}JdJ6}|e>T($+}9;S%ZfKBf;HPB4g35p;Z%y%%jG9DM864omn!BX+gg4ibfWM)eAtrLvsqv^%VKd|Aj>bNI=^PahUbIdO;v!#rx4&*{;qy3 zWBGzlN9~AF-!E%hc?RKag>Oig<0>}5I0;16Gfj~U91}da1jcHh0D6<&^C&sM>)xQ| zY8@5j4>rEcmMo%F6gmlABLN6WJ$*|VhtTu(9opE;^VLc`Pri5r7PUlhwe76t^-v&q zAL>ZlvAfzbtuf~f9_Oe}z~efac14ylCffiSHYjRTL&yS29IRH5U<-~m_8s?7CO|PF z)f#(97MVCq42{fUGqea{#6W-oUX_~;^X)$X0007c0xF^s<4gn6Sv1&^?^p^iQVX?d z4}ztTIFP5^ICQ8f{tWIQj3YSHr+(bCLU{-qD?^NzHGL3t>Z>kM~`KXfqvp1c%)1re_;7~pNOSua%WH9;MEv`g39+j=d%D52?y6i}!lcV~Ul&Mlx%#|Jb`l676kh13EHtf+)MN{|3J!%5Ya z?XN{?e@CixVn&a2t?%sW!{C#+v|JG{A*|9F-H1WIlUw$!p-+g`(s()hmJ_UkaUQ#i zsiPvQ$qf%8`Y<&@$?zN-jDt>WfL!RH_~I}=Qb;Wg^~Rs-?xxo*L07EUu#lpm^)Ov1 zOV5eJfKEjkL@4_oW%PI#Eo-8@c$mNUPrhAFS4|!TTNM2u=m*JRn)rDXl7WD9Wk7AS zb*_?Uw%=EeD`@+V68sc=t=1ZnJA$yrMEAx8;4L-oe%8TpRNi#_u>caCz6;l|l7j^e zG5NYCk?lsTqad?}gwkwPP4uCFAwUR$R)SUQvc#NUEh64?$S_MlKa%=-x=8XV5Ud%B zGf+z#iHL0UOX<28=a}nc<&1UkB#yk#?OGY-4wn({Ku)4q5;ZGg-_2+@-@p_Q{kSO8m9$b5ZmY?N8}iMxtiYQ1nsP6L%=7!OB4c?O_6AENjkG0?P;>r z&j~$(gNKgwq)Nkm*5O^)D-3%{9%J#{OQGs|djk2D5jC7c7JN-QM`r83{kC%4F_M*_ zDR1zSv4=<~TYDZr6sKZe;)9jlsg;ARRt35s?SG2*+;b1}C9I65ct|G0^MnJyIW~D4 zanZ7zz`gJ+r8qh|q?Bgsqq1)<&d&MaFx)!mKxhUZS{1s(Hh=lR^W<=qJ0n_K&?>%M zb*x=W$iP2&umH2F!f)07!|`(VM%NuF=%#kS03=JdFHByXukl`sgp<-DG(3-#qBHiB z;m~q}YsyFI4zHom054Havn=Ksam<9swMd7LrgPr*4QHnj%5+)*yZ{;nnKI$#JZNzS z3Li}i(-L9#ZNt{}%oQgLGfMR8n4=n$jMLofDGJw9&I6DWvzKiUL%^;Koj4glBHm&)f zPv%@%1i9PI_%06Zxv3sB!{_b=v^$FwcJi>%Csj$_@(TQHR=X-y4Y5_nQ`zb+7J39K zyLMwu(O?yS;BgoXnRJ?{JnhpQ&KfB;~He2*3s)Fm%jk`^V$&;I6VbpO|fg&$QXJc7(Cf=7SQ$rKeQKbzJ>8PDYW z$EsGh+D^Vxm_By4EK?R=$$xK9LW9IMNKtKm+Tt{vfG_2WL+zkW`Pwf(S(i!W{kPgd z@P)kUnR()znDmsKIl|Xm#>TzKZ07oq0=)J(h90JztLdRT z#n$pvB#y~NAHP5V0Hb4p<|K@MMm$hyS(a6?s1R?%U*N`AA8I6YSVl;!04+qTpE|i%=W|L6PgUBaw*n4edkv9sk!6ir ztPk54V-Xc@h}p_poG|vxKe|5I(E-WQ(N`oE|*g{Y*^oz8qa$~#I1twK4jg1b!Z2lS>l zs-WwLm7q+DC#<&$a1y6+Cz}t4bZO%CN*Gr~=2jkPr?2Xr&Zz?8!pKX*OhOI%aB}EP zpa65Mr@4I?rsEy1gLU$R(}Fs4+pS&lvCyvXlFO-Zc0sdXfpy_}3ut(e4yFeaHp}3Pxxm z@k7dypG;0bMM=f5{pbLS*-A-A%*w3*56IVObCP zIgHnwmNMxbju}Xkd8bmJTgr*NVMfr~-~ofEAc&pGZV~(gOK)zsu)^BasH_4+eCD3B`!O(3qoNMkJJs4)} zfS6v7M090*PcNE2C9QuL$OP;zUS0~hCj8OcB=M~3#3$eY2@GqfvFC%dRdQf?eIt>s zOOm7I?G?HiF-i@&1*Ffc4gYZk7<)b2O(zs2xa^qfqMI82Ep zI@62Z)cjmmWM}_(e4W+j8M1qiK5$W&%G#B=0spUsX8&{yD;w&-WQkTMMv2>zTQ_P- zVIaer(gI#sB5y_td&_)cb&&9 zhttl5Ao)E@xaV+_8HTqCZEhx`hVdmUr=8@bl@z()|EW|KOn4(D|m?Ep8W~*LC zauTN}d}sT7-1FtWXik`H_-+;V`<-yuFD-nPcd?(lK>thQZL2c!sKW^$roN0F9!^HF zhgHAya%mZdThfL7>*NvNryZ#p7KdDqr(j(0wUKm0v9^zZ&&^V%nx<$*!YbI?GxN=O z09*y*nG)wpTQHln-K{rJ-5gh7*!fGVoBa`Mde;3dU{{PeUbERazk~CTOdGZ53xShr z97+RfBk|y6sW|U=LJ@5k&HJk7fy5^~(57LF z_Ac)rX#e$@vA$_(>wc5~01=oZ3xLj%8evV{x&cr`Fkj$sFrkdHR}bR}(8w$T%z6hN zU?@6xn%Z$oQqtkwpT|5!Cw^52{uRV6;O#t^8%ON!^gl5!#< zQ6Z*np?5y(pav}5K6zdx?~k1MXaddyt-m0VS5KIdx$#)8a%F|cxP*+_8vCWItU4vg zB?2R@))c3e5J-t3mE#fMDNtfjg-{}Y>tbm1?E}O%Hb?y?P&{MRW1SZCIVh;+JxeEI zFEF~@KGoO4%4h$}4Z}BUYhf@?dV;GAYvV>z>eESKlz>b-&~k#>q~rHpVFdNgvif8p zYoJDd@d>o!FcijTU{t81DS`{f?2#mOR5w&PpTs>a|1q-0e}%SCVG2zQ!0ryMB1p~BeU769v~iM*=M#jnri|xjzeNZ z1_JbCMdIu&V%SAke8xtM8Lh(e!=l11B$hbNN$~xoGs6|SSb&lVXqKCKv6om|;aLoG zGew1x3Z!wqi1SB z1x_lZjS*iQFh-IJN%X4c$sn>|0+6M%+ywV@MXlGrSDBIMykr8R+O}S%y8^`LvhK<` z2KM+51odXKgTb<`uHS6w`L}wzE=lgfUSgr*_;3LmNdRz1Dh|NTO z8`^&A<3wtOvknkT?J$dBMkb0eH`B=^%nsLx67$oNU3`gZ4c;s%ip2L_Z+|cUJR3WC z-`Fi%a(W4Ke0pBA)gss>Hq}Bg+7Ik`!^*pi6GXsd-LlS|%4ePc%65)1l&U176@~@m zP%oHIk#OX;Q86DdO)0cKi^T~kg{MkV{ONA#q*Fk$j%Mf#p~ALe7RVTACrcfS_v5Ac zsOuP^Aw!Xr0}Ae9;e#O3bOdKNp?N}YeEg>68zzr4H>d9Cv5CBnVLJN+HqTv${Tsc( z6x^Y>1e=>pasfTs#@u_Q#Yfcp11<(uq`QYjK{fd_i$XYn$FO_4*NO_SJdhm}Uajai zC3NjT?wcS0VR=>|TF+1ZcaN`lcwJ$CV!`+8vV$Q1E+K}H0v^G<5y*u=CHf(Ap*nr+ zV&lGtWx@^Lq&W9$y>|bWTgk-q`ZD@Cz%pB;QtWSooz1!Vg3#IF&+)MP@w)_Rf{U9K zF>8fF>(7eslK(PCl0c03+>|ps$r{*-ckzx`{3S17ALvRd@>VuJFne~I50R9587!~Lrn4dS@RvC z@mtI8NB{s2#YJL(vF#N|1+L1A()(jBy2)|^N%wu?Pnd*K@JE@s#G#Yh=CRn%nHVJ? zfo%M{dmeiwgu~-R@w4n^_ij}KN={<3eaMY}4}JJg#(J1zAwpzq%Lj(S@l#eCxwzLI z(;#S3{hAwG|?9t_P}t=q%+OjcXa=pJBb^EursI-~Uu751&tNE@#m^ z*&k;~GlNXYcyKEs$fgILOsK7&NHgT#$SR&|{Ye~s)i#>X+869sZ&p778bAop2FC$c zcZf|hHEJ`XnjLyN6CywsR~1Kg!RXo@CfUlk5yb;G5F0I&!u~`=o+|ZG{l1W|Nx7vJ zfm>-SeRc}S(AaRp@0-BhG2sz(5U5H~%;wf3p;CW)l#B#p-gtcl;#pCT7r5tBhLfRm zp*2l+!Z#tRfVg&!N_;9U(kNE@K@UP^XCeL93^-6Pc0_O!5lmc4Nastw=|>fdSX6&u zLxY4l;<-bbe}k#Z+@Kv`+IfJifhgZio66kUNZd2YI`ElKUpmw4GbY@&Vj+O6bx_b%Hmld z3)Ny*5_`1q){nSFBy#5$k7?9rPbT<9;?J-`ttl$H;291^Sg8!BR6_kOGOU7_g^7R} z*}af&=I2=Md5u1jrt1&BDK*IwI^Y%ZH1Kwl7N^(cIQ&}(;(b}_lsBzzoX?Q&E{%Pl zD9H@FhU^HXE_G`V7@$-Wf(uKzkS)hotBMC!^v4}GL2078k_rlG~ojC1fomO=Lm9pNAKVx}zRmbuQnUUs96>KlWaV{^=Ah^eSA zLOLY(7Hp(a?SZ%7w5##3_`ivGJ%~Scm)$SG!RNrvI!ROvqsK>b6dB^?d8QejxjREl z#2OS)1VTsXTStWB)kva!TvPn+7bG%fKM;__zR{bZK&nQ@W`eVtZ4AkUBKC<8uZE?h zRdm~73h4j??7fYPB?eZT6F1KnP$-kIUXl9;mR7IJBHWL|^(pj&cK3a-ZBM`b? z@N^^0qmeD)B(Q%6bw)ux1s2tY3_>02%L@i1W|rxX{}iAzt}E2oU&nPlx1(8f>0I)k zU^dz|&Y9U|H9w|+L5T?s1F}HD(8I3D4VX)9o&F5Zgf1zp(5ZpI3sl`~jd}0m>j*-R zhbBKB=_0NwX%sN9URF-rcZ8(NtZ~T0yX>Ky;xVG;xX+ zV4jw)JB42|5?To?8E*3Ip)_z6n38-3v!sOCBO#J+uu&)t1S(%97z{Nd6MQT)x$a8k zVoXdOJnDv3ESra33`0^hKjd6)IxU5SsD^{EN3`8Mt2069o=op+Y@^kFnP{@b%Y~k$ zs)MhKMQ0nZ7MQ)o6ND>XcVV`-i$CRBXqnt^M{SRQrX2@{4?N=MQY}EIJKYAu1NQtO zOAb*}$(yoWdxx_QVEKXM$BP~)ju$4g^8h#;=(J9YR=-hAeBLgXw1mmH3I^Op&8Qer zX+dGD{|*y8Vp4Y>c8L$!@d}_^)0Rz$1QuO@rmH-n5+OyP6-5(&`Q5YaA zX#DR+izmeep}dJ=!pL{$hk4Lgd}P4B8lr?4^Or6E=H5ovz17%P@Zfq%YLs#5>M>ti zhLaL>qlN$(msX?ucxlLOl5yYy_}^DeWX7Ik8fH#^hEET;p^w*)MIRyQEB_Qd3e93m zC*xKATi^yYp;}gh)M?2ID+w|*5f<8Gz47R1aNsG>H(M5kwVo-H6}Maw@T zzIy=qY#a_7sDyN>=B{E|I>ZjwS%MegWsjP_#UxBqO4)tmp|eib8D1sN(l2F(3m+<>p4pH+^uw+K!))WfydenD^7bnHVm5RAiw|!(Qp|e zPEV-jNB3@p0E7$L=@nF2Rtc3l4H#KX0M^o`=X+R(+6V{3Q#x&kHV!GrUAAhl7w zl4-dP0CFHebt=Lo%;uKxwSZP>2uV0*8G7**K$n~ZI-!$WzBEw~CkO^&&<%Yk<8pZ@ z?;_T1We(|Yb&oiPT3J3ZK6X%EMc4>Y5`h6m8 zg$S1t>?ui=B3?Xm!=R$}$fOhSdQHg$g{>7NTm_iCNK186<6&0J#+?b?5B7N7S>T9@ z)?f{Q04A9$t|j*Mi&}&6mWrOvcn9Z1Bh&>_+}><$sXQb=0YounM!bMR{eVR>K5$Ct z0VgLYh<|W`)&3yH=T5&RG62DRQrYycDJju$k!AN%!)Q&af=3Vp-*$ExiuTYxDJ)kx z3iK^fAUA3;go3(nrBev`^cdv<_oBzN;sUd}sYS1pWpc(j?IhF7S=~Nz{$Wd@zOV$cBY_xtr61u;b>BFDXaH#SM^A%F65nryX_G$-dLJ|vs$9DH0^vTjG72bCSRn)m z)K#0Y0t_*e6VIdYb(`LvgFcY_it&Ev@PeRft6o7V0r|HNcoa zjzeX2y#@x@^)N|9nblPmGVM<=@>F)WSvUVJE{pd%l~d;MmjnaR)g`$sXM?8Hj!BVd zPQ5chnd!HNRkzRCub>=QfQ6J8ZbrEpSKp2m6QV&*?_D4ZBlJY;^AvO0G@U>I3&!V2 zq?c%nGEJ?WWhd%H3Xn^Ogo2BH?R=RQ)CS}NC(n7bC%uofJV7rT(!so(1KfstI7i{0 zdlldfQ^zwC=!*$|fuwxk`$Jk94^*winxH{R5${2M(j)^CD$kYM#}vl$I(VbR7h(}T z5(wMEnU%4q=$8}pWpU8Sth9bZidFy_#fqG$jE$Re94 zy;fIi zuugr@yNVyYH26eA7{fgUNL7OY==Ux@R6o#*1kN@hB--wP@1YsVM|?}0DkP6agW0xC zt{Ql`5CDL|GvWHwl6VM0M|@$Q_+{8LTra6^uFDfnW$)=WW7P;XoU>_w2swA8F)LDO z_|w3el%VidDt#t=78B9UV787A@vmZU@867BY`|_#?A#0kRQyi#MvWbB+oAw z5>munpp_7K^oJN!TkFm46ea*eh)MHXXC(P^v0^f**kk?{a^var;EFU{!rpYu52ifG zf{cV6PgiK}l$M_GQN%JZKmATC90N0m*>XJ++7!LyQGgJ%#>5r?=y&#swR)3v4YTn?n~a7iyH8uv=TYJ_`(;W{3W7q5zt+XSLyK%Bic$Xd9T zo9+pXUfvX+�weU1p|A&mYL_2h+5sQ4WG$3S>|yK&%rCwrJ1IXl>61%NYziUrq;* z*eJ6&nQZDP;eDId*;hTSx?%^@HB zq3J&)`Wq`8mAP;7=Xbn)RpVzAIv^UrL184AUfj*L+i2WTvCv@gIeNw#ixIpONcM)=Vga?@Mlu{_}yf?WGiJktN-b;p{Ov2*}#~W)qMJYjz9Gi)k_AEWD`g^hP z8Z90L=p+F6t}xESN5$73=fJGZDIWF&65|TajvoZJ$&FIn0#O?5s)8G){zK*&@-t^m zcC33Q%h6R}C3T>f#WJ+jBp0g}KI+Y%pRaz;t$WPrRN-~Dwpp*Z^4j+08GnweS*V0{FYaO@olse*YAHm`Q;ye#(J#>lK0u1e z?FXY|TH4zbj@PgyXbub^$q<%+NXiv!NHf{`P&v}p09HzPfQRUukRCBckjruB?6$TL zd)oj84*@7C=e3UeA~9b`dbX#UA=eWk{#@wGshuwB-~xfwL1*xvf-C4yS2V|8`F8gV z>&e0LCH;ER*&@UO`SegLYzvlKft;%;-bocyBc^nQ8)#*ybz)CguHqI3a-}ua=~K<) zfa8z-D!3<5fhV|p=2DD4IZ(lWcm?KQr9mS=?$BkuRSv_Td}$cmji?=5jo;OI2sDk| z1Ielg0S!U*TLsG|EMx4!4&fV}i!pc~xkSKH7lg!$p`fwh_*xyYz9h$MskVmZ+c%0Z z01DwBd+QJeqL9}GO^(0>b{@g*l!Ckgcmh}uca-qv=rLKUD?z)};ftcA9#`6mm87XT zBB7ZsQ}c?lXIHF109m{YBL+LKd=?Hope!818RI4)FK@Y}BY;qu5yN@MQRdi$UUt

    2I;4(^id|^j56q9*n!Mmf^7EI$05!OVj;dZk|4q7{r5B74qb$ zdxe;@s|nlo5cAhkNpLO5*vV8JSH+u!qO1L%2T7fsZLrl0JVy?MIcX z{Q1L%#l-dDv*i?h#gvjn#FCeXy}dwVfB+3iT|9#RVA#gnkjz-TMc4aj^^KH5)d$za zCv$6K&wi3X6xXL+gz(h}2@`?~0(RSev? zq3+Q;j1`<90Y~%IV75aq^#eHCx<4lt^s80nE-sX3D=TOL~pnM0ds<^43+T|4Y76gbF zN5DgB=a-9@HlpV>ks{k1j)h(^pZTjhnkAsr;|gg%KwcD4;zx7a>84`tLPMIFCd;a7VshZIc-Ptl?JJ_*Z)M%Iu$=w2M=;g@65MP_Zk3K_T6)p#8-%&0_)hEU9`bpkBK;yfd_bh=DD{* z#h3}tq~5Tw{WQW&g6QzwJcShDx%?Hc-$k<4r-CYZ{Duoj=UYbvH@S`0-188iYz!$a zPX7EdN{j3ERR1SfOA@sMx4VlUeTINW0tuJM$xIBxNFi)9TegMliUb67+j( zhB7#?L+{j!$Fm}{;iT`BGaF-H%+FU8E$-St^!*UB#p{(mVDZzXj=V1`r-otqf$a=T z_^>m5_#JPopwJvy=PMZ%%;J=^l}##SMT+gwv_;Lb`!90V_vA!%5xus{yjd<9-}a0e z(Ik4cTz^^20AUv6T-?i_J#^KYN6gJ37k&Ir2u|V+UrkmBFmABqgVLh+~S0j0KmrgW4a&6_}Rc2>`Njo>jW`?r$ z(HRFQ2uyT&w5W#jH_sr^Rrdvn7`5*o{n1bq+VRl!!Bv=Qhw~6n0RKhszJp8)Y)5>S z&8VA^KKB@Zre=xa4bUyaa1l$MqHUpbEh%~6OUUaDbFOqZpHu}Va|t)@s}dyd&B{~8 zp5Qy%|B0*MOvYkTgm1Y@Z73FU?io0y_|}UmCnU^UtH!<{2`|lFL>%W~hUvpE%%w{S z0B*=MSAqNcARpn=+)oU#?st^!0t{7;L5P+sqWZ|=L2Yx%f6_2hDnU~?{~WWL&}j`x zp8+=kcj&4yFh!MX{GphV&BRi^rzoUoLM-{z3F(Q{x|`J^?*lYak6x3j0sp)dN}&4u0rmC`r1uwpe*&?aec&#m?2<7X4QR4Xe3X zWz_%+`^vxgOInr3;UIl?ng@5tf?;2f=#IgtZfZ+L4vZ6RRrc_?Z7sDr%QUX_@}`hM zSz1HCV400RcHDEDO#cC)LhNvn`Dz-3;4H=%)?@IwcAZ=8fT$)DutqwZ5XZ4){Gej} z#kpZlLL6<_D0Zo&HGp-@W}x}WAouO*d0skb*tkv5^!ic5fF!c|Ps-7BP`0*p^h_ui zUxfoy9+HBUbCe^nA&@0QYDFBw2H1Re`ixTM2K^s69-cA5B1)_sd#%Gh zEo2*3shZ)Z^7e3+<;F~BZV|<_;PB-|yHlb_h`P1WCF4uv#S=13UuL5QHB1S zpp`u_z}&N$<+X>gu)X&5W`kC^Ak%E>3yDy4Mi`!O8OZ^)lmCR|hU^Uzv@IA8ip)^x$X&z~VE@DDm;MU8kQ8|X|;$aXY&me76l>%?E!?%jQ8&`RmKysUQWhyqs9 zEl9G1NF8R(o3-(uolx8EGSFVMJm{JmNWa_U4_Z_Y*rX+OcQ&$1K1$}MhvA)`@#OFU zhfSXz8r}#1L{`mEsMP)zPFsC?pXC4>aj+Kh+4+tEAg*kOOe7Y@wO9;g$tqx3+l@vW zpTayB)0Po>8*rq|$zKmo{wDX%6vY1kDKWub=oGMC?kB#&(!_*e2C0#31y^{2l<-$Y z{5X3_xy_r}*es*vB9XVrz`~g;{{XMHB;uxI_*XwpnSMVV%n;LE8SCWo2nqgVF#}f{ zVsUTakj)e}fyl2Ex@)FLUyUCXe!3T6!UPE6HH;)8@X#Ox1Da2X$_gq&=R@s$)8uYt(fr38oN&{&&*EB-pclxkp)V=%B zvD~X$Lk`8^3ZWbk&)@Y1xrK^2bObeKO#IoOhzjOAhuqy_dfi*PLxvU0P+Ad^Jgr0) z;ZS=`a=7t9vHCwbD2xtyAVV-(Sc6WJe;KRVvMh6+ zpRnwfOShZ{(meTD5;{Rf)fD3UN*3Bi^Qwzl6QU6IVCQER5}p#S##y!HOu+PWs1!x)Eyn{`;&-9pWX587lq+)|&9O~-C zPdH31M<$RH+6g;*jGiF-!7xmMe5N1y#Hv4DfY3OY7fHLb*dy^E17f#g<0PMoUf8Zu z;4ZA7yq-Jnd=y&sN{wh8vaOwqL+7ld%C|9n6*&7uAhiYbXeF=QsgDXA)HPbB^RM+* zjWfiDdF^lLNKJ+p{cothHPcBjgL@tDlX`C>|44VnJ3YbGgr%#(@LxvcJOpOFTHFKS zwsUMAI71Y)dCW169j;`;C3q2F+iRbF1E%00kfVZuNPPG#Qv7ha^j3LiQ8Z_6{Fh)6 zFT|+$?$3YW>jS~&o@>sg0M2CyWr4VaD`6G+%#R{FqjI5yLofaPQB79e*xrxh3Q}is z?U*(O&t^kHdONmC?5;zteLT^RPnniLbW?e#!k<&oD)T(5wpvsmWP$^DNZBF(Nt?69 ze-%*&)I1>HG(r#^UAuM>7hi*ob;@goW9tjxm8?6NKNi630Wh*7NWI42N{A6Cz0r2Q znF^<_0`P1=9$US%`<0JtK9Pr*5la9^JYP-ZB=_$gs?IPx!XWY1*fwABTuTDv)JL9` zK#Z`2WoAcAxpK1QJXYh;tXm}^R~`~x)Ba*vyK_OIkZ_cZeK8q`01AZLBwgM?9-gko zhm2&jdG|Rk2tpbOoJ}~%NYZHgs!OH=Yw{~&_jT~%B|sMOm7UEi0#FI)FHkfKD$%+r zd!dFVUTWMTSDxa-E?j;Sp+&8Oz{9Q}M?es8sZC9XEmx|D2on#!FX9M|rn=6Hnm-Xz ztAlcfYP_)|hOfkp?e%&n)$+@oo&|>@E*`W5U7y#;689qr3@|6_75P3)F4quNBV!w7 zid2>PzQE4G)SChSceyp-E$cqwp1{!)V+EfTAV)c$)A+0wCT;vG2SpxE&JA@%<>LHmbdZ&OW&AN|XOCRpP zA0G00sAz`)_EQ9sxsWl6!m5#ApZGzQFl+2y{~xLSm--t)6=A?BV*ueztABhEr)Qwx zM}#n(`K$qIrl4tU=5k%AuZ9E5!IKI!BZEkohMz%S$=4=qZJWyTKxE+nx$VR7=WD8h zgTt>f`oOB&6?gS^Lq}?LJ;POp`B+<=m{bc+N5@Wj$<1+8RxGIEp<)=qkkG{6pdfE3ZWt<=#G7bB|n&pu);~Gzic9Lmi?$VrlQ_u!yize z$h|QMDkWC)b6mGjGrLLjedNaogf9KC@Xx6?<7V6u8%)~)F?eee-Wq&5VC)KKrB5|P zu&(giv(qHk&3g`pVm0<~3Rw4%PNw!4Pp`jrS<8IPtPB+p3Oc0hJf1_q!9jU|j%i)W z{41KrB_4FsKsvp>#b{U|JkWR+#sCN87c?&^akiDp6hjno**}-=lE8j^%xyA>?)r&` z#;wSAuj(?Sdf>`7vEJ+C5Ji8-QfFRNElz-?R3JDKhl#(_c@Ldv^trn&GX z#D-)G%ZJcK?f6FDg`Ae5_O3Lmcrk{gLZ$YMxRj+`L)kVEli0Qf1Y zcAFg?QUFES3wAjVGetK5Kzc`!0j5>rq=*DwJ+o?UjGs*DnyCIY0C%8>U?+>h0w$T4 z9dr#aon6?G+I5Q+qg0NuD33Qlc-eiUyF3|=lqQZSBUOy;DgmArv0Si4<^w;rU~RU9 zO()Wah%h@n5cA4VZViJfpJ!=(tzm?5KmuHX#cMCX!@($se4uEOIqKn^S-lWNUTIcY z^yX;AMX&Zq;_;ks(1Vyl^zOYyYbRaUYe9=gfC7H_9x~jELaKs_>w~`3lAf1(J{!8r zXxOvfbZ%17F(jg^i9xve#oV;}96IR;4hbfVbq`(TUe%J#fMI;R5HG(3w-w)`XY+R+ zX-{kI!Dq}S+@I&K2wKr5j-KB??ffX)7es*e*IhIYM)GG65K0|gOoD*j6pi-(phbDz~UkYkS_$|#;=JKB~TS^-dB|(S^S(;mZv})KBw{U z0=pd5HI&@Cmbp1$8Ry}Fl=B~<&grQsrcHjp73`_A&0POGh@vG`Y8r29ho7CNY7cm4 zfKCE{W9x-wqFu_N_n2ML{YRa@!v*8$r={p*f7jt?Kj$NjGhBT_ecU^`r3O2;Y?z=5 zf(CMHbc!tYeE9^{l~6Sm#Wx>caA7!rB0tpbraf?D%xA}LgI*dgL;tC40MD)TQbtiU zh8HYo{%54O z;)DZHkY>j|um}-Mh(Xbz$)0C7H)lBA!T(VOqT@g2sQ}j%DLibvodn^GvrIIEcv^>< z-lN3&@kI1+5X&7i>3y(lg>LX+8>MVTCxb`d?I1nqT4JEnRL3;=pghX~zyL~I0q#R$iAL0EBbPbViTpvW!!G&;w}QA_-~C|NFf+K5y7aCHo?1vLi`l#s z)))CR+y;AG_sXUy(uq`6Orf3Cu&Eu2PsP!JSi4O#riVjABN!jYVlA{5fy(vwc>S=wRB6iA~Hg zD(M1C(2v5cb5?h^tRLCQ+`@ScNHClBj=f9SVY8n>&ikY**4UYWi_Qt)CW-a#*O@%M zAfgGFQRQ{22o^(&_rwhLg2JMTY%>%J>kj2(5=X4)@Bjbv9~~tpE=o4C^SY-l=B9IuLka><9AvG&nX7hLvz_%;iR1zDuGl5Pi5k@ELXH z-{6L?jGxds?68oVvs=H40cN}6$eyyww`C!nZA);e9C;aMg0ss9iI`@?F*rvrWX3%X zad-b_I+U`1rdpRAiX9RSZ_n&EiUqWSPU7Cg7(OD73v~{PA>%M>ZibXP^6KK{N<=!h zO+g|WZFM~8-d50jSo^0(EDDDd$zA8ed2B#-k~q1Xy%S`beh0uYjcwHz@T?fvd6D?H zab&ytH3aW0%y2<(}e>(=`v0QPI^azgE|$aQBXtzIN;yQU~awt z{OuMO01T=bsSrpMn(4Jy8CzEgfuBCGR28Xs%sb5G=#F2ws`#Zt5=x^u13vRUYOdZS zFuLgxp5Sxl1m06{p;k;eHUi(Xb!~PgjWaMzvnR9YaIo2~N03b>oi-dU4 zE6yD8SRje?ZxQrui_zL|0{7bJ%+>e;U&K8{6COE}NK{YasyL-(vjs?cX5(s-DD-xTQdIH|?(%3PUfoKO2U0Hp~Puq7DD{8lllwr$e z(pn;dwj4TX@~b*ldUPnGFae%Cq}KYA7PeTLxKS@-^BBd-0o+wH4Y*HG0^{n4(Je0F z(gLLx_A+-rImYx}K*VUK$b5%XcmC2EI4^|k+1pq$%*bei<4>|lo&J`lV|9B7Pq><1 zUl{*n*APhoWI&jMqp`AxV*~FqCqh5qsF5JC7Ra;eEN#q^)o`~;W#;W&J+m3mi1l-l zUJ%ATMQRb`rQfTVROt_WWlh^pRbi#bQSg(HkK{5d8=2570>M`H+Ri}G<$s!vE7PWK zMjz%Zh2@Bhdo~uAwcNPFyM})lAB14doF1`h#QqtU%Q?Z%_~}kqL|0(ti<47*CxrRF zd~S@j;YOvim9R)?LiO0ktR!i-BkW@fh*`5qw|Iwt)ktT$XN+#&r^-KLI41kn5>fMk{bB; zv+@$>hItO6(xl3%kqj1sOylJ$6y#PmRl{VEElyTjQ30(z3%ng5k{MEIcFe_Y^GLyS zg9jDJF=u#tlzZMNmdcWh`R?^6Q=Gt*s)a55^XNSy=ZA2O`5T7zIbhNQl#p&ejSuh) z(VZ=I$fv(7MiYmvT%eBLSREz36em(#{ul|Q&jj#b5Kc`b7F~~9mA!@(4z>L0$T||AwAFa?c30$3MvjXEAvR;|mh!r&nL61c zT+s56KufE@2VUAa%tmISZU+Sduzp&pDrf&Pt|6}^=CIr+7{nvGysO%0cZ`JKpMX5Ne1`s4dh8^s0dSC^sC`gR8s)bmhSX-tdipsc+!F+_6rSbWXj3TqUf_eDTR|hCgRq19A9s@>#=z?pujI#Jw$gti?{8~qGX@Hg=z#?$vBqQp8yNH} z1wp>RA;Tz7tuAcXTURHUWy&|ek`%RMLEJ~*jZaC%ml9!&z*Qr!lDwFr^mQx89Q5o& zp&3w#nwHbV&|=n|E~|~IwULt*@QJ{$Fgm8VkyUs5<>!gXc{PXrrj;rV%jV!I)jZ8# z%{2bBWpc@YWMvg%8}reNvpWt~RswS$L_%aI^ib$5YCQ2@@|>)&->`08hBOeZFa+#f0q|BV zS_f64V#e^cRnvX${rhc*=pIG)x@}tL`B5VTP3b8e@R4X|l8-)q9MM>~y&^Z1e}B#( z+5QM^W|OH4alETpD5D~+>VhlIs>#FydWMXryRN-Tehf|^yh)6N;(`ArAf@T4J;H~n ztKtJCQ8-a%ZvLvz_RMe~ycb!Oz2SZt3g#~OWDyy_0U9Nf|0hR<1nfNj+!l^IibuSyO- zVE5vd>mNeU3L&{ook?}7=sh9WRg?rBwZ%q4xExfwzNQmWV2-*)szZFVm$H@gneY|0 z#hj`fyd1+ff60Dq93b(PM$a#WFB)R8%~3%Gi!ZDZ2B1|WA*IP6m&=VI2^|!;^X%u$ z`yHv`-?F6K?3WlXMORl*x^c^T%FAw=jLj`Uu|%fT-mDwLDU9^{fR9+S93Pi1^Re_9 z5z0vo%;|9sBmfkcw==-&k2_o=>ksiPNKY;x$)Erk4-~I{6ij*`ANk2^)0ui9DL=HX z$j9c|fPKu0Nd}3xCt}YywC1Z-m;n-(3C@ZDjO3tsAp=4Kv)O2?jp+vjV`X36nCEn~PQVicHjUL7-Tr-F zk|w_+e>ct|h#N%PWXJhUqxoTMAX!JMO+hZuF8$L~+XGsxRGwsTIr?kD`uH$+!V*%* zh~}ssB54W9_^2hcgBWY%2OGiQW^6ZEnZcIVd{;}o99cGq^WL%Rq-6{zuE|cZN^)g$ zx2&;EA;;RngHeHk>BD&t?pIy!%|R+%V^2~f*@H$pWx!(yCZW&?sD+{~_w0~;h_Xn4 zKE+Hov5TexVQgk=3lDc9ubr!6j3-thAU9u{2A8ZuzK~mg+lLAj)HzWF*0V9>9WBM- z-~a{@^XqLQJz*>S1beMQTAi`#pvfkY?A>c%C0YS^d0I0P4UU7eI&8F<4&E{@$C+SY zdvVAd-zK%DR+hc=6A?;MVOLKeJ}b|rbepUg3$D%aE2z&uXmVWZ{0+IB|CfW^>_C~_ zS#6VH{tV`mg$U@KAlt^|5{4iI3Ft7#?#!`0FM3a*+vJ4L16i?#bh0e@*_YJKplDI_ zCVh=Ai?YuS!6jvcb}G&is3Aoe%G=in6hOi%Ed#!*xR2o-kVZKC3PgdBTyS~Yi=PjO z_o`TOGL$IWj9Yn~=I|h%LHxK#88=0DT)i`M6NCnP;Cfe z6z~LFVrMx@S@uKSr^DKpTMCeWoB%$u!~$B40xbT-?pv&0(kvs`F!!bond>yp)m=O= z_9IlLoR0?;Zm0Mm$D+^x1WDvWT)yT|LrgH$HCFyQJ7Lz;5no6nT_S6I zl8nqyFa4|4^H2jgUJ#DW*0v-6U;qGrWw}g4pg&RIK2;td{Lr4T0+v3?YIvTSUXKuo zp?y^ORgn(>6n-6IPw#xGtWKqmU1EN}kHIkyh_#<$>Hnfksh)A00a`*(EUDRCKGJbA-&zO z#{-HjU5-cx`+*)C1Dt`{v60usT#P&u?raAIp9)30wZ0Uz?UMu5BG*C6aHY4WM6~kx zhBtF0jM)k|T|lNS#&57_$inJL+YI6UwecbaCsv`sm(OQi{8RS3Jr!V0d7xPWP#+px z6zl8Z+Bw`qV(b7Pm&7&sNI`_AbEsCLZf$%#WM*k-HVD@W1&72m zHkD#xI^}2~UfrO}<6s{~yJPD?8qPe?#jn#I2XzZ#t*OsnjbIRXrA(+4$JRd&O3bep zBTo$AZO!A~Zps*S#cXrSZKN5Sx_D{xZvq^*e$nfMTnm}o1;@g6Tz!9qud z=koF?1e=qSj;m*#f`aovigZKWpfzv8Krf;q>Fqh%o1xK9a7Ey@!u0;eOVw z=J{zw7t5t4sj@6rn@gwk(NB3H9UL+e%+R|tI3qk7&;mPFWn92ap2jbO%uH}FL1;P4<(*V;=pa)^hQ!oLqZ{ty+K~9yH z?3m8Kd3XaLJPf?4dx~>X-lQ2`_1mdYAF@7ruRY?~koQ!$@3Jb`QhFUS7bkX~g(w~% zZ84y;+N04*pZ-6LCBhG9nEFc>AMy?Cx3?i=D4Au#b0J7WFvRRm9gqw>az#Ejwl7f! zpbwbfe;^>|`cE@E~z`|0rJ(jb_OZ7!4i}I@D4Ir-LNHz0PpE0W*FgB(7BU z>#)wU3k64*G|M1{;t(+41VlCQ0wvz4`4TsJruEKRPLi(*ry8hUbwb5Zx2Uf5sIDrn zzq1T%ANM^vO@D;=mR9dsYwo8k&KPSahRRy@lg(}FAXPP~QcQ~xtTIlRJWqH9e(*L))*?(pE1)JlI2HUyMqwoyU5+j&;!_j=%r@%!4T zGvjHa7chJ2!pf_psX5pzN9{E!&7}@lz99v1LO5qIrN)PEd_D8qaOiU*8gDMC7N*Gz zyFp(kOo3t;XuqJT)j7;TCn(Gul?Ley*gL=$HZNcjKowrBI;S?33?N$}F)c6sjr!A+ z!7KO&g9P{js9+s@3Np!jhl6PkHQ4xTg1^B8QW<&e0=t;T?4tK!x5A!?nJxxeq(SnW zFLb-ej<1P<+8{=d(VbKdLJ^|sKM3TNeelo4e$?hTRSJ< zW-nUl(g=L@n+t{Op1GcLW#W*=ZWF#nD&jvA@i-j4{_XbR1$R<#*)!e3L-R2#;08uo z!SOWdcY3KA`kG^9+!l-p8FAnsSwI#*TI#@U%*)5yjr=V;ls}*AfzH56fGCL;3l^3g z$4;D}Wc=+)Y9mAp(e&ZGH2js*u5{Mr*s7vm4AJ>#n?eUOy*cA#O zgm`zOixvL`>~03=MI9zQ9e%NN*%Pchh>~Bla}utbx>@k$>HxXzug#=ThhWJI4+jGH ztfewL+X{zZhT_{LBk%wm7Q8%g?raiM~T3Z!{qjUNc@wg1rxyrkBBTP^=} z{U32A!e+`LQa#A9q34s!_+z`fB*<&u)i@LGY9@_i>5F^EjtbK zZoW~VB6x_d_!`cb$IT*k5HNBB-Y>PXZhPE9t*38ZA`qZ9;Z7Etndg{)Socci3SOe$ z0^|)Xw>duhQJT>N1RViyU)O8b-dt4a>~cLZOvPEOqB_d4zctdy@#`Y1nr6Q&Z)=41 z9!KTx(;}rgsW8mVK^=_g5AFHIuaxK zlfPjF(E$eV2(v&V$t%6>{m;~y?@cyZxz>fvK6aXs5I`1NbLEis8uxmqeg(ceXOn(i z&NUBMe0KP^L@8;gMd(rc))%Wz&Xutmhr}kH+W73gMsKH&RX3NA!7Lx(oo)y)$MrVw z=!7HH$~DJ9_F|}J*%H+?N;QzAQ}A7C1TcfW3Bk{)PAF_(;Vx&4&dkudfQaW55;Q*R zj8?Qc&p%EsllxJ#fj-*{H6+{=RmX^nl-Ow>BLiNl%cZVitT51L1t$I4pr%0L@yfLiiVKgFSkH^kqo> zu$XzJKH(*8SRrboVS_NeA1mK}u=k_ZoVRF)UR7OfbQDOeoPIvLgdw^v=)?RmMG#}E z`PPhUcSt5-;BS?T8^MEbxBTULU}sa!5OxMY3cii3_l7TQyOHPzxAsp8Dr$o2?n2+o zFm&7QY35lX;Rc01sJXgHG(!UXl(8wK7ws6m=^ZG)Km#ub5j8VVd+rK#b`a#WV&ue1 zln9?(5{%ub>kUk>){2HvHvg$5xPWsR&0ER&DHe>FXN53*lvb68G=k7rkr&Fr4){t{ z3w&IAxR=IM=2e(%eT$3GJUA6SwzllBJXE8&4rNV|!Kpfy!g@Ul$^@~-3-QqY0$a?9ODCjTq$_3PQ8ef&@*+zUmjZ}8fQv-T&T;CR*mD62D6j_1C#Nj`$D#+r;zzM@pXlLBdHmNKpNb+1n5RS5AIcK&T^ zYEH&tu2l~Ahpv~pt4I!NP_~-Psk|Q_M`Y6#W@?xV(LvVzk2FXZQl~V9yuJP!A4BiQ zI&pmiUfDztkX>_t{>okz@N7-dnC6a3<+|V~xd}!_PzE!8F`2ggqDZIxKtVR2O7Pm0 z?R5CxJ?3lYYVl?>bt%i8*u&K&7=x=XjmTIMYyq3tVC>e!lW3K zsU1o8Lt~CIqTZTQ$78CuAC+tGQeJR7w^xRHfyZV@6|Z!>H%k@n6)kx&kSEW|CU}?h zKq+0s5a#AR>lSFnY4p{rKB!6K83G}(TcAArAF`G^O=szNs2Fy!Y3cg|?}M#8bZ>?G z<$iGKKRcG`c)jF-o1ab;4}d{)KfHl!YXHv5;o1NPsx@5TGeyWqw;5Lo;BRhDe`Z&t zXq#xt{HX6SPpv4loX?mI?M2=Np;eUQ70eF`#WuiElcMantVdKT1jR7owHx)ns7r`a z_JkGi?$`09Xg3E3R;02m)X-d%1Vul1gX({JEWr3&}&Qj zYK{~U`~syKkOxvE*2MT&+;2FL<)6FI!}tgZ%L% z5p<6Z#i2&SZ}6|Pyzk~-!1r~R%f*|Z0tb8ff1ZWM8g4^6U9ak~tn}-Pzn!PiSbQCkFq}zf5bRB1cSs!PFvO^n~F|ke~UU zWKeru+;Iq~I@$0fq5)Q0Nt4$SYM7kEQuxhCj*-`ddL|a}$p!S7Qqyk+gl1(*6kIFk zk@t;u&DsU31~0~;Idw-i6hhjCx7eLLS3vN${xVx3Q?>D@mcJMQpC|gC6O!@h{Szx8 zb?n^qDl0!&wAC)~K;8tDeh(E*sgW6aI{5I8d`~9Gwy=9N(%Q@gC0VidphNrRMtC)v zZ0-UI;>-dRnvU)bQEx%P9LLQBlg~U-f(nbmCTQ>h3ow4ff~7#G9>q$t(&E9%ClbIg z4I9aQoV}}y%}~e*uUD;u(4EaIx)mItHGD2TJI?WF-O;0Ov1;7UsFZND!cs6(MZuf~{ zBp7VlfE1?S5u&>SEWocvUa$O@gsvsp6vg5Jel{|24P!5^Ty@%nix%Y)fCzqUWpDw? zl*ET`E*r8|PUvrwf{wtRin`BtQ7}a?%kYzqzqF{#zXr`t=z0J^Q!k3LL_wgAa9v5E zzKWJ&ZR~SG`}2oWufR)&1iOF%;b<$Vetbbb*D=*%L+RM=fCwN&-_=Z7a^tN{QZ2AP zW+Mw|$|a@-V!i0s4&-bq{pm)7Tn8w}?xwWoRKXOASX7J}9}~IXnW!XeU;FfeN6<25 z!JTEs?@fICk}-yn!HW^k?Qf2l1obv!ur`<)!gdieU+f5)(>yrarHi3mDkw0kA#Zj0 zva}fo{K2Arwt3Xsp@Rv8qG?&UXB8-}m!UCcgv$HyHB? zILU7LLzK0{PdJNf8-eTpC-h77v?C6$q;kOS-p;1hF66&{KKWw+qMW;6n`?^V!~VEi zV6>6N7X}MO;vL4QJ1s`iCfS#|+3}wUNyVkd+K*n>oL~DcJP0r{I2Dia3ef5lvgDywv4-9 zH=VX@$$sR>p$G0p4Z3nbOT0R`b0KKJcuW(OWiRz9C#CZ+4btaiPN75U^0CJRuJN2D z5wIw0@n0Js-K9E*br9*YG%Y+P`OhZ&`B(tnZQU=3&h2vatNF&ka!tS=^1vN3%Hf&s zgR6Smw1RD-5ExQ-hq`@(P3P&=Ta`Tcftwj_mH-MSd0fA(V`!7QC`5y69YTl)K`1UV z(PhFGIw*9NG_fvTu^sG7@duPFj>m~aY$ zqs#Sw9hHF*J*#4?wk0kRa38`n8o9xgrUVZb^NA#3BfMW=%*6!YKHm1x7%0`x(n7O=&rFGgeOi-3eHsq|J>KiOQ6%zywPd zcKc3_*!M=m5Az^FvG5|>D-G{~zUMnQ4I-03ackse;}NP1z!I5u?+XP)I$0V#H89y5 z!o{B=$GruaRuPM9X-k5AQ_3pQW0QXE>p0m5Er-;Ga}gy(6%gW4lTLFgXfTM}>8fOs z@&Mi%e$B($qnB@k|E8o{WFn+qXjNNmIq5g_et7S9_$H|1wd6O8MQLmut6E3h&s9*% zX||>-+Q*Rkru8YSV6yviU_M#J7N49s2#|hb67~=LX{5wri>6;487e?i$5}|_Wl^MK zEvKdzI<4<`c&OeE9P&TjVE|j0N3nDRs&D17*f|2Bm!}?cW|3hzUWVwp$HoLyFG_or zuxOc%!7wGlA9L}c*^N>cuant*PBCFLai$AjN;FZTpXx(1tb(}nJB{;Ja%6@n>zYMC z-0s*;ovrp?_tEibxoT!!J}D^2hROo6xle@Y4+kTNyP%)g}!iB8B? z;#gRGal$(pBb*V;DLtK@=7#=_;{P0GAZDruKjJu!hW!${=5=IF)^(|wSuvA^(t4N7TIT>IjeXs8 z#hIAh*qO(cQn(HZtI9!aF@9K0Bc0~OP&NwLY z9tkO|+=C7m>vAp8)Z++om|=YQk*y9iyIQ+yD@n3K>0%5R!!oj-W5##P{GKA_Ojr%0 zibhEf!=7VY_TC?{DLF+IN0A}DoW5)0%N8gs5|9e}cw~fQ+R#)^TrE1Jse3#*rDNfk z0Y*jU;L+s>CnNpJ49-oh_gEa;5^AHAr(%>}m6i?`S}v~lg=xdIjp#wvs}aVswfFeh zZ_uXja3o`R*II2@nBUlE&aPZqZZ`c`L|p^Q;AJyIvvx=i)yP16smG?J1euPsK|RpT zJg!+P6woSbe=ZFlnZQ`@mBZ!oDtPDFV^x9Rzg`DBHC(FxoZP1 zBWJoE=y^X^gQGBxD0TFWL{h~UXZnk~bz+o4{vVWKzQHh>Tl29=z#II_rS26(egInT z_1lV65Pmmmuv>ocXgyjiz+eP>5;ln1nD_|juF3)~h>e}k@94f<5@FBDK`!H| z%g0r({>SANH*T(RKcQvyAcA;;%E^bJH9K23>s7)vlEIQhtElob-@OPt_;)tAM;5Ep zg60vQFD7D%vlg=WSB#|~Q8_9))QL)?jL{M>)OaB8drR$MZPz~)0!GjIIAFtH+ zu}nqt2V>a3b14QLnx`Edh)teK;o&klQoH4bmvYg!20uOFIf+z)AOVsO>6B(>rL?MB zFry;9+nOC(_u^a;$fi#jE#$nAZEqQ?YqFy0YN!Cm_(=Bzqsj&DU(D32CO_vqgxz-O z0cEULSgn#Kii_@~>z;R;WZ*X02{yo2`T(g9pV^uD_+p0CMpC-K;$hI7;KkRJ3x1ed z%{pnz1NmVGw`T?+HO|R_5{|D_Y3?B3sSz`zO+}WCzmdCkQZBF0bz(lx2Cj@I>2{9kHlbbUip8LdtqE zW%Mow(>6f~0;d|i(>h6tM>b>1)x8Ks%^%SG4Et~yo~zB+W)bVF<7ChM6%JSO$(8ru zVz*lwR4+3LtmSt#e9EP2f26Dd>@Q<&`kAtB42PUFh1iR4RF#@dllTEXqRJ4*H}n@z zOQL=^TI#>Go>lrhN2AQi+Nhw|;`wX)5pudp7qi3DoRv1+225R~@Q1+X0J;|8fmz+RI1grOFw95b z&#tJJ#D?UhU;yvz$xxSlcIDJ4PodA9W?bRHMI8tv7i0GU55Gi(ufT0yd>JA5;Gr|d zDi1Dgg3+Luo_*|xL&bvc%eMEhkcK^Ptugt~6mJg?4@leebjk?#T`~m@C)OwXO&wW* zxVtu}2l&%dQ81O~9F;$j(g^*RfXfPKMy z(Y*_97g|@Kt4+8ZiP0d|`h~ydjG75?+vyLq1rd!f%>V!qfaJa45T5h^WvtZ~b$0z> z!(Zw44wwTg(R)g!7ZMj0^{=8T2+ZD^XvY=6P-HljAOp+)y^Y1_wZ(Uxv_1@Sq^S*0 zV4?m#Fnd@pC8$%UwI#f@j|jmE9O3E$Bc3^b+?L-;)QP-%B#`-8fbyN3#Wd!#~HptQY49F@0}CeZPbO;BBO(sif1jTf`7VzD@XixeWRQ z69ZPV2V4%l1g_AL}iJLmW4B**DYdj?fggC@6-ST#=4nu;g;jmgEnKXOV`Y-pEZh@ z*M4@X%Ar6e|J~}x*TmZhWWvWg6JPbg0An~qD*9cjH|1gwhcXlMq4&7}kpBz5B(x{j z|9(InS+f*`A!Gd**mqC!=AE%Ie*&VA9A;Ib6F4D8Zjc6G;wuT0d$ZIM6zidd;IhJm zZ-m5PC(Zj{QNe`qF<#pN0tKlbr?1*63Esf%F_A;;5Q7$FXXnCo_#rP;Vi#$BNiGC- zWS2$oH;14VNLc8Cwn3(dK==o3xmJw|rjA5`Kw)ClhiZ#c8D1X{Dnk`elQ*QcgZPK? zp9m*Y2_(ob++*{#p^A1Q^rRcs0XZ>u|8U&#AL$mZ_ct9TlbnIKhR>iWimj7W0ft>g z_DxT@{a%Ra{;HxFZxNlmTw9AUIEjx=w3|mSZHre+;^JYC!P z(uAN8exK$a?93o^Mj}))l;`jlG&5em0v-VWZ`#0}Jr7+`632c1Lmc}@jNFP}aF`F| zHi#MEOJOYKVg^z0vRgn#vYK0{Q8J#_f?l7b2{1BIK;rr>f2-Dh`On~!eCWg~=Tqw^0e{o?lUjy6BI6(~_>Z7q`9ZhjSP7-VY^)1n zn*Lsn{Fyp~gK5t-MKM{k-H?kpg-kx4E;ffn$IEn@3{kBq|MDUX1|lkANwV}l9Xp-! zUI<2gL+eSXZKyadak4eAzM=NOv!)op*pCu(CE_GOV-p1pZ6M2Am$lI|+o10czzhP{ zv?8M$gS^V5n0nfB0xzpCyip&O>rPpF z2LUojZ9Q0pv9bHOH+7{g${w1_1r*@(Ds<}^lD-w(46lY&L$(0beL-uY08Mz&AXZ_5 zU=~2jXzC}(!(!K=)ok6Cc$R#a!#x;pQ$o4QGkrp6W$Nb)N)(!hgvKl?BC{O_2*pM* zU8(`NO_t!Hyzl~R1YJ#hk*07Mbbgyc3^`9k9f3Uqj@#6uu5N!fi?;NdMFonqox@J3 z8~dn=ffyna4JtCY*+u@cT#d?oT=5ebE(v+P)@?CWm5c6X&au!@Hhqr5`b+hpC59Fr z+BzK6YO)ljW1G0}v5-)kjp09lgu1PhEic27Ga0!Y61Q`=mpU#ORxr`|tTUmnp6@zI zl#f69w545_R<&?Oeq|7D-p+G@+*zzSZ}>1jdfiPXVRN#;AvUAVhxkX<0RWFeB}z zWfN)R=$b*Khf8>p>P9q12(D7|4a*C4Su{i6uv$lF@PPFBZ6IMf*|Ef#U7T%bW3@=# zm|jdcro(G5u=dwb>C|cidXHfD+;VhS=q^6gEs8*{WVpF(j9vFPHdSCV58`HT^z0e* zo>l07j#>FQJ<$80IUAkyvMAwzrJsziM)49E@ot^h1qk|VsT@Wm;?(i-BYEh?FddF} zq6AKwd%2XglY7_L&^j?PEHx{)XQhTaY5rmiYkC!+$qAl!F~~PD(s}{lh?n0CT&^+3 zey=qu?S2ceR`EV)bK4Hc?kbw?x)0j2Hnj(QFO|-b3W`wA{Jvzri(M^3P;K~++YJ@R zBP)lT$Y~;s6qxlS!?O}R0@2D12U>{om~yAo3JNX8+0uVk=V+Ow z=y%4kYJgt>2JP1<60sa=L-$I4PDE7upRT7*!~*f)hwDYUt0(M)P#9_zJ9In9=Q@uY zdaG-?9r#qW1R(;&`C=SlJEB8eQ$y#WW&$$8#}j6qMWeiFtZL^)uz%V4%J?V>rME`5 zR7t^KPAfzb7G*7Bjj(6=;+R+K1C|y4%UGz6MJ%7na938R;}H7m+eqB-ctIk>sMY4% zFGBL~F(aaaNnZ{x{s#nhpJR#DN4kkgwL%pdHz?%7{$tpuA=|uBaQ!iubbAMF42%S)nSX21WwDPBQ zS_>F$d0X!Y8R;nu>_;POE`gJkogShX{B?CJt_!4f=RTwVZ z?T}ORl4<6`hV2a10vVPZmcEOG9G}$bBy3J)zV3((X(nCQ5k{Ko^BiK=aff44Ak~BgxFovicO#%aWJM z{+}eMph`f{`Y9>Na;3TpeyIMf`AK+8C=^9u{j~v|*a}jq5wZ7PYTrZ5Gfija ztT`k-`xP%$PC7`kXTTM$e$c32$ZrP?muW-}VrQ_4#8_A81)?-v%dnsoK(|PV z4vQ46mh-QR>N%x4Q<(Kh*z~{h*i%{yEhPLLyR!S0%@Uodrdk?X5RC2sSKk-4jmDNy z5-MRFQ~Tk$&-)Uu#A>S2DzLu*2{{99$ad@dDrKeB$)cjP~sqXE#r3 zD(cU5Vc-sb8s-6MB5iozqi$m{FloPrLOUo^hj-cY`3DaoS$k@yU6^Kfn#WECz9*R9R-aj~mVF>x$9 zf<7&(utb4K$nH&!mcTBNW$ME+Yh@wAv0%|^T|($*noQiN*2@3~74#d2Tfi#2zN>q-E)=px zcrE4*Eo7KqbPlVYZVibkeK`EPtxNSje+k82QMxfXMy0p7h@Y5(OA%&ssu~; zEY)Gz>2X}kpzcmOg)Lk?N6|yj9zGgDDlk+HHEZR({$>u1W{S4kN_00X2jU3@H*o-( ziw2~OCZC(|2TrenU-ZTav^^L;RKo5N3Hc8_bi=$A5ERfIpRu}ZH>a8_TfLq=p5fss zS89qg$j2oXu#I@S(o!k^46+?4X4lR+}=>fq|t6Sz)G3NhDUn+ibggge?egmUGdI+n6vRnT`7nZ)oK1es)L zd7lsr`P2R^!@wS_08;HKJ7#dRV0DkEwZAA^44Qu5`brG|j2#c$&N7#TBO&n0MNnkj z8lwe{Lf;!K%jZC3XSKuo4D_UM1*4tft3)~}bX+5QdRfIjhx`~rC1XY)a^m--BOISg zB^bb71dG)e30&0u2aX84 z(IGguJu5(9EuG5FKn=9ql)4nVMre@HFF_Tc$PlPQwt%~g0Au*asWg66ID(vCD00rz zM&eQymr^AC9$eiNfRw-Q!b&> zIh_>X$_k^|xY=OkHU(gj4=o0AN#(=E=Mz{5^@OKWa86#Df2;S)A9lSIXof1IoPnr&dEDRcCe|*+eOWMO=-Fi9RsCaN*n5LySWZSVd|>Z0&tM9>q&S^^F>c~6}7EuJTM z-=IiLbs>uU@5C;pB?}Ud`sn91b8vdW4WR3P)Qoh0n?>mNEb!R^6Xf;rW8BV!)F za3XS2W@Gkl%Q%tQgHH`un6P1q?x0I%V`j{uz$5@x*=qXCfNqa5F$Mx$UqwfKE&BbfKNwsDd6@R{Ax_})DR+U_EVR84SaWQ022$u0Nc*TM!kD-9(~ZBJs`1a3j-7eQhV2f-?^FLRPDQX^w+D(mtFaIwuYMY7p22$ zKB!fHMB2)ckH!Fksvl8R{cphugCKNJr7Le}bY=gwt}&_L_Y<=~lMo@?!agnmk6tWQ47PKk(ziE{$ z00IE)Ogs|b=rhR9rb;(QgDhN-Bf%qlK+F?ozmGXt5t%XvwZi9bSG(<)fdAD33Ytmw zl2%LACe@v@RLpCse&dbG;3N?BiTfg%D4-E_;NqO(Z4gjSuN%~ZBc)u8DkrkIeA#nU{LzUE(BRXm9XgO2^ zv04$RY_Y+L5ezgu7*D6FLQi>qYpR~mErOFU44t`+=K2|j(bWn-?Zd0UJ&l<=gnDl$ zsSeW9MfiswSZ~Qq&?*dykcau#QJE0n39Rzpw%JwV6xU|GcK0iH5-^%Guy%$O5RUnRt?1nyR!q8gPUIj0kK&Um20sjFFAXI51XuH|XqIF#4dFs)N ztNpHfXemYdrLB9#rDdcar==qR5Ay|d%!A4N4Fy+TE5O^Hgucc}TJD83xn$zDA*!*n zHZ~)6&>P9%@(|5vuV%;^0wU7egBY7&SG1d%^a$>?;N?{4E*= zlm&Z>W{;)?w`%5kTJ7MA+>X5c(_rv+0wSZX(x*26`;GCrR|pDY&uD> zuFbfp;QU3fm>nNhRB{(xbbupFEx`7qbiaWbiZ2il-tGi+k~hig+A(D)3E5tat#b zCoNGiLsBcKzBP{{|LuZ#c#TH)#g^U=Sn1W%@9O9o;Yc;x4ao2+XJB_rVk67k1W$4{ z-L1GrDBMYMz~$ovQMs)Y4JbCc-@HQgZ7i8B(Tl)4{Uly#NFS>}XDE;5@j@wOO<=$~ zuK}rK*~Fa&PrF#3h6t#{pkoA@B$36ai2srm2eS$}?uOP1t{vPQ@Ii{P)@1F6ZZWtl zpjggbh9c}G@oq^hWX6jZOAot4#{v<1xC_#{py)dkWs@bhUl%G5l1don#yqyLVoTV?#qjN_1;YRt4=)K(;pR zou+-j5U;62bvRO<(qaK_2SdBihetge^)3J`#^Y@kPlF2K~ z>=N`D>YQF@Al=gN?U|HqXM;X?wtwap(MdqI>!Q|rQxYKpGjz*}g?^_$I#|0OH-);@ z6h&;kVF{q?Wyd&QzI$MQi4rmW065r?t4P7srJwPphI594tsZ!FjB;~@wq9k(d~xdI z*dR&&B4)U~O8r+Ot)2{`maYzAg59P!U@w`__(gl@j~!* zHifSy?5#WzJ|Cpvz;8}$s&4-IR7QRpyqd18KqO8~p^C$z$J=7gI&$#x_$hmj@`ymD z;XwIJvC;9%1 zwg#Qth9@*`!|&)2yZ}nKkvGRy_a{{#0iX<{*INN&tysgBHQ0YA=*C}K%&GkZZa(4l z@8GmT1BQ`Lc+>_-)PdU(tB_yT-My0oQc&bRpKoP>*doowd<3^k&&_0&Xd|5q*yUo- z17bF~QW!yQ|6QDBxZ~mH2q$tSRbQ^|&K!zL9KY3@23C+*C-*_r^rmUL?0j6Ss>}kRHz<#0?E*;8US~l4+zJ}HYS<-c9FiSD^yI+E_ErAK$4W-K5LyB z6!^?v0KU)VKBNgso{&)<1V6wT)G-T5jVZ`%(@H26pw!twK#t~Iq=ySRnF3%=#q9(% z)_{p9{DFaXRxrG?$lFlJcaqDWu*1DQ&D@k096FFsZ##eBehnHrufszRZ=QLL~Y)UW{Bm-*7k0Uk$?vwt`dfN#eJ31$y zX&8?cK8{*g+3@dg7o0`_{Wcg1!&M|AjIW>mDW0Lw3H@RQL~YRB3Sj+!PB4L`8Fw_0 z0b4)#bB=Pt~zy>aj!rS5Sd1F?#EYAqP$>6*sTeIG}3~cXV5EZNl3Elkqg4 zA52hyhg*Pk<7ie^&FdKJmsTfEF^_z7#=JrLK)1zorVRE7BC0JZ0@SK=RHc+wxb>AR zrQtshIcz*0<)$|0XJ2lb*~VnkX(!L#tje)wej^Yr0EjN$NdGSb;5qI#fG{>C5OYjE zM$!7H^Ko)y<`g?wpVj_IPJxp3<&2G8wprvvR(0LmPZ*R15nGZ$zj--X$yv!Qg1J;GaQ?uo?vLmIVNOHCU= zk7Y|(p6up>Zqo_|{NmHuqjVKCYoNCSK*H}=yvtBlQQro@t}E7d4WD&-f%5H2rzb|<>Uv60OJSoe>tktXlZ*D06eV-_vDXF{mW5+?J-}awJn={kW8UP)q5(z_hlP-4b)LGNl-J^S z9{^&8s$NL5hfby$()?QieXAw56vc!$k^(gtHz|K87@wnLyWc6r!iP%Q9@9x&$>ztU z@Mq9(0dg|^x*MfG-T<3U$1;s0v5^r`26O!p?)7)8Zg8|EC^_cFM0X}yIM=U4bp4`; zWyqeOjR^YgcZ7N1HyTMZ^PK6Z=~CgC9+~F^Db(_VuP&6SASclJ$`bG^XD^FdDEx17 z5V&K+h-Yl)bm8t|K>xJ_@C%HJQ!b50DOHW9ZM%7EHpLH+jOZN3I=yA(g#fH=m6~w7 zc7FAy^O%i6a_3$DLfzyW+btLH_?6{!&$8|)NgB1LH&M(tc^&U>Z*<;zcKOK=m5^%j zS@dnkkz~@L#Lt$wwvs6|a`Q^${d66!``eIjSuY>G8&`=2wZ&4j!9839Q0OY5~fd+%wpd|I{E^lvfA0CkKRO zm_TGO=Q*n?D`xcsTXVU!tKO7p0ghNjJ@J>mN(CX92r@%y#yMW(rb#!|Bsb8wvS+)f)A(5PIy{PZl4kOixAX=upu%8K-aaiCT(lI+yXuk!veD&B0H@9 zuV(9rQ>Vn8pf3|B6TxxItvjI@nhP5Kj_tgidVvr;l_RM0wvv6$c>m8eyxRZwvc7>= zQ;lrKT1=ZSTt#k-TZy;iy3;#XYq98-#+ij~aOm0zrIU`#Hm*A;5T5aNmfJ54KNQT|z=3q=&dEZIyF{zq}Qa!6Rv3Y^<7;%WaI0TjcLC9CF@>pFi#uan{@4W;D zTq1So7FDA2r_P)XKK`i*_IhU>*LPF?ZEJ9aHr%UH1yYfRr=&!7v96>`W7WLDq$os4 z2YIk3g9U6r*7c!1ewFhXxM&;<6qcVx^HSgj1>jX&_vBs}pD6w8^cub4{#G z_#02&HSUkKzUIQufcp8MwhMUQGnr^*I&adEo$wSLd>SW6#pBhV+waMr0=nQ#^3b`^ zsCd@=zOf4?n7aW@!i53m7sGQ#gKad!$Yhal z0_zam0J|Ct5k0T~3?)J%HW8s>1blFA!4^<+=3prnR}N?D3xc-x*Pg?{%gIF)pmW^T z52Q}3h9*fOQZ@PCmG+E;^umCDFh-H`q|?l2o6Kwz`3Eu0KUD=RBPh}(%T6iy&MV;w z7Z>^gTl|9oYPH2%9NJSOuv%LIg%}U%WEWuzaY&Wrix(ho3o(@tVgEd3t`tJfVj-A%k&;3^^x`0S))+WCRj~g`mpRG#G+2Uk1)g75dS5|5Qv^F1bd z!|(xFAKf0f2V{diP`^3DOb7W^O&<&O9XaXuG#C>}L7Y^XxE^Cy^fX7iNg3)VD!g!@ z%Z=*=$pdMl^fA@=^D4>olDZz4bT$l(K<49ZC5e+LSkOVx>l#Bb9piT|$8cKDGP2m) zdt=BRG)(9eMuIPNp1sUmT}ao zhUl^8cKq~G1VArfXGCj8PBg9699pl$zp%5RgT7ZIbnUXWzP`A1VV-)f7XFzyJFFX{ ztDg)|pcaM#O1FdI+s=k6II6VFcLB#M>bK2I3S!uv*9?iQZNQ zVZ$3JFnxzF+>Tp6h;B@L?HLxap$*@ZaSioqNH4`nr?DNW8IfH)I{*Az@jgx6kpq#H zxkpQS^CtYyfNrn^@6x;EyGGj-A*~T?4Uz=heK))OJRZHrq~}WUx_i$6hT_fDBe!G+2%O^yk{43;U(j}dz4lLs#L$?Cd#L|guW=1SH>kU z1H+T9*Im-!WR6Mb2l?s(c92YwtVP>KdQ9lzOH?kFppz?lzuZqh?1MU79)kKB`qo$r z0tAx8{476dhB$Bl0LNgjH7EmyQ~;OixKnozR;NQ=OtiMhd9bqcF-U2XdXn-PLS&fL z2X|772yAa;J*EG2P^cIYh3VHtC5IMOZEPbeW2m+@jx8GJSa7_Q-=%`QsAwX$}F85J0wc^jypgT2>u>$&Elj^C|0dvRk7I` z=bV^&imLn&P(HA*{OZai_!S;s3Ox>-Mq%$;YYqqxQ*IZmk~!y#-T74~D7qG--@{`b z0bo%I)IeWtB+TfhQ9wW_OD%g{tx`%Lz{%uTrvFS+r|Vb|pYldwZ}lAHzsPfn=AmD} z2c1B5P)~niz0-`Gk0u4rBK;lU@thz;aIn-B^c$FGZY`ta?h<4dKk^-rp_?V7+e_a6|7|T^>Bb zr0=yA=0~|u#8aQ zSRfE5gJV-Z z0=CtD5^fR<6Ds=12y}t3{Oy6ero%x;aWd+Ut9X)rQBXB)B%29G_1J1VSwO09TDBq~ z&Vs=#Bx^N16xlb=>Fi_kfGYimQW;0T=*AnvdIM}8uGpb%NBPn4Si3{t2K&)h{F~x- z#6_9}ig~N$dlN`~%3%nXKgg?M`zVE3HF_)t>aOBmZ^ntS zS1bhR3Hspt7|Iz#9$<2XxmN(Tpi*i-P#~*CuQfkOfi23Xz*~%U&VeK)kA?@a6Z2Dz z+-?+rZAY$#CQzpG?&37e6@KJfIi?cbQ*!yIx_@^gsLOEsCMV|5imSKp7 z7}i3>`{V7PlV)y1)BTWpc!``3%JKAIOZLtoXAn$gFHK|4{s)H)pzMj!)SHq`A&HFRT%Wx^_e&Xsh^ ze!D5lr6d>hQ-_eT&1&B+vceg$@xJVxOCUsr zjT}r_3qFg6aNtJswYLNGc#(-Q^-QJ!80SrS^P23M-xh~~(DQr}76~!#QR?TC%z?|c zsEQLgl@S5;#nA zSp|P%~#f+S8WmW=UJUFn#P{}xuwfk~`hS+T(%MQ+<4 zImo0PQq}y*T$1jgDRuS3&li)X2jy-SQW+oG9F>gLS18QKhVh`bg*rJPZCl7*z3>({ zb>FC~SDqm68a&^ujg1_c|10Vyei>hjrM$$V*6$pNJDxe%y+wVgFrxT$u})Llgw)w` z*>TS1z}2tEF5HcL-f7WH5Z`D>QZ>Hbou4uM3jDnA`J1m&bTzS%J%n~fX^Lb_Z&gI> zVejVi9jL~yp`ARwclbOkYm8(lEO?;qQCZ57dC?ZynrHIw!g1vZZ$jR~pZZuN@1G>O ze9{|RE=>dRXJY%!GN6~n9nJk zQR#f;DduT99M=4hJfZC}lSR8a-9|o&n*Y2yGJiotztexUQb*TCW?L)3Fbs?CelW-+ zHsExqHY6MlyjqX2XC&UO(;+xv0;m4^NiPl9c`1K*qp*;8Z9{WQdbyv)2`*Fgnlgj) zIHzXB3cYR}v%=-zbwR=bSCwB5{iQi0hwJ?#DcLmtvThoLPvK5_OP}rnU!#K@g6mbq z0)ga=mE}9B6?igVji=amqOo;u0~D+?C9r_O?IwRIf_2RF;{B=T6F-xL#hPIbZLg`I zD$aRakyH9q&hA2ujXYgMFM)o)2wA!R0~574rx3JR zA&XFZdS+%L8N5lC({vd~^PUu7u`YHYfB@ZWSEOx`um17y@rOZ_#y zEnY`9E5B-k={tZm853=*w3;aDcc4xCmW7##yk{~} zhRKImIIy6I_TvIk4g5d6?oIE%WU*82SAAgBEMgL2*FW3w!hm8>rvvxuJNEteLiRh_ z9*f$WEkp+R)124aY7YGjM=LbO4huj=5oj_m{1jsD%MdRS= z24<*w{(@iIkP=Q=U7yE+_-b^B@R*JO02yuvufpCSR-C&XVeqOn9(FhXYg=d@4F=8w z;{w(K!oIOTL*i6-iRf+s2w-F)H-nmlcBt8xp+y2ON$wvzK2P!sa2Xfei+tx?=5Jd>A8!-xZ>p!nZi5Ship$M3G9 zW*e*AesqkH)7|Som#03Cnd7bVj8%fu=SdvOWU(HJMDjQDXv#dM_mYhW^22nj4*Z+^ z1WyYKl7dj+ZoJgOUBsX%)snLTVFcp$qGi(f9%M|e<g&|7b)9n#)2Ch&ruR%<@4}0wHPZ(H5||xN<1vwj#W+2N~b$!EvG&5 z{cEbnYx1SO;n|gGk}291s`JS>1S7dxz~DsG=fOcnK?|7ziimsLpkx&PdZ&G zpzp5fBk(2|lVzn<0JJNE^|Uqtkp@-LguYf5K8|1sEy{<3!Dtq>Vj} zO;Y0S`l$Wva`?uRnNrd8Jkx0C(+jiL4*KLyj2;f7+^&MGa=;o?JATbHne_Uu@Qy7!=w0P3i-1GCGQ8d4piDF z(V^!a!Vz|Jw`(3cm-j^C@zRVH zZCNnJ6J3|;)l<{^p%50Lw!3!Q*c`Qc?i3>fLu9p+8(Jh`V;dZdOsA^s>QV>l$M!ZX z(}Zt-#z<;IbTDzvMMpLwi}yd{r~Ot)FJ{Lc`@uT~XumqB;J9jj;9g3cZCizyEC?_E zq9QNkT%hqFA3Bx6*1oq5tj0ndd0YNgb80k!n4u)6pcq$THZ`%dU_zA(n+{49y0&EZ z`TqhfyZVcZ+M?0~7qXRMg9VrOI1(tJ_e+HYSOzGyqlf#gp&o1tdiUl4ufP>5Y9P8| z5BdIze4hzVV$sRt>3hhETb6A;G!g)G6}UrkcDq~#TAl%5r-DC_G@F2^28F!2a@yoO zfT&acvK{FoMd{I>xfAwcxVtX18tY4$qNMI>9ph0=#PGW$NCGSXDy5}8Dd)6vjvF3p zd^)}8@+gJadc-7MlFew-qTnYGcH7%aqF2H}_bQ*-qP!%x*cG0{QPR=(r2JkAiCJiI zl#NrOr9FzL*aacdu?RgUKs`inlQSY~>H)SO@?|@U%?s+d4FO>?Eg={V$W1XCSiF5Hgkid3%2bUl^xqJ+iID0& zrmp=9y^+zcN#RJ;O}QYNeBb4gsLOnXjbTS*k(qA-!V*>_sEdLihXmPp`HViN&etH( zswFK|DyqOn5)^J6Uj15yr*R;r9zQYs=Ugf$Vo(VQ1J76Iu>!(I{j&()L$ED`W!w24 z>I=QnDJWJ%TD-~3m*-KDdyF@tPqIS&U)8s$?~FP02;4}*EDgLB65Rewp9Do!_zdA= z6Q2}px!)iPwRr{<1b0)a7dCeqQX++F&{67>cb1VXyim^|V{jV!2hgmoQ)X{x>tfh9{-9C8B9)QOEDr4`6 zwoZs2dWm?Bpn z=@tZL3F_@iz9#CRTeC1+?`3BhkC=xKf}$FQDoUx@MjNo=si?z|^}N|BAhh3~nZGID z4+J<}Zc)NhaG-Jx+-w^JH?Qd%7Cul7S@Q`U1;(&NFOZ=%>5ydxM*GH>oNjjFl4#1df*q z2ra(}1O9q>_*9=e|ILl8O1H{Pi?(*)U;qw|P=OD|m`Ec@liR%7hr$f=L031Fmui+} z<1)hVxpu32dGpnTk#dtZ)D=QlQQuZ_k*fY27a;0_q$*3U*%}Me+e<4bBWu6xzc}j0 z5VS->lF6Ehi2Sb#0i+kNS&XZqEZVcmbU zth`XzHG5fWnRP;Pr@bIg%dYqx^_S=m7nW>B&?q?;1HAO7HHcVRU9qA}3QQ|w&QIe) zkBCcmQcn3R*-1%U??dreQ>G3qLW(`jO#O#cgICVUaERCxoIIdwU`^RMDW*WUPzYuqHNU*T`W6S}GsIlpx$@+?(D9x*)Q~tZ1yoj!~Nfh3M{zMH1 zA)@atsI|j$x^0QS!681bX+?s>RAmwkR*l&wXBOHE32;_Tczrx}`glWbSx$eLk(=?8 zt}$mGaqqbw!-+~?8$d9dnH=Pk5ol+;v>ZNc|G0wiUQ$C2v%o0NI5ZE*Kg-+ZU2sW~ z!Glc~!fuZ9a8pb@&EFMOWeZ zzo?h)O9qW}=Z{H*>nu|Pb5v(zE?+QA!+d+aG^E#n!~zl$+iV(9@5_6Xy)#KewRZP{ zKe?F0I99yF2!}@KHI+^J`W)zmEgrX38IaNVqiE2$AhQx&{#NHODuNN_>?d9}v^rU_ zKnN({BjhWKH9KyhuB6>VUM)l;(nZOs18FmmJYSFiMae)h{gVy@p+-nboZ)4%sQ55S zio>kaCeC*UT{{e`0@l}IpdE}5aDGZz9|EcPQa?9U{$$qG?k;sQX0qC!u#|O+v84&l zsr9Ub#zVes!5{lDMA9$yFt1Eg>j{3Ki>2^tJQbfmQknp+>tJoCsH5y22&{&6qQH7= zFU7;MtmVruyzwbmKJHF7F64KdIM%OCx^EePEDCK`<9*PPjVf(zeoO;^nB)gb`46 zV1^Mq;o|dVZ%=^{Sa_2;oJDeAjRp%Jai0CbTU9S#kNGx=*W96C#ZI!+E$gxkhgYKs zKtixfj8RDFp3k-gplTJawMCpieIiG}ovSfytMo~-7zBh=gT>3r#X_tqry2@UlV3>$ zA6FGg!}*!xReYnVhy2mSUc8iWJE2Z#jDli{T^zBx>3qnA%G`?lkq<+6(*Htu9Y`ws z$z(NM1Q@%Ht;@WW_hG|J+lCaZ1)w>6EUQLB#^AFfa+{l6fq=g)?tM63cM3FM6 z?s$ByDiVybRfLATR6LXidWGBWKsMy91!#6qjNhWo5USY|TwWoZ%czPOJ8$PKTSwqV zD2ZFRRpcJ>YMZ9O;vAS4fe0mGH4INL) zlb1^a*JKLIoZHu>nH4)>Ke56fkdG*_X&yd0l5P+P>}f_9B7RS*)fn|9Vgznt=ubF&HZif24vTe`;JO;HHqPv!3b`iDkS+5V38y z(#V?wmH=@#Yetlv(-tHjM{v7OAW39T1to|o_v*ltP98+tcI)q7g*>~OgDbA-y4vq;Kuxc^j zjK^hO+QQLTx=QBmfFirwxn-b3&Dcxhsh9zR;>!jvWp^^FNUrsB++1-xzrYA|S z?=A=f#_3}iqbA&=%u~Tw(h@>P;5OA-gT+WpvAuq8l47x zw2%XooV_}C74YhJvAvEmh(v>%q79;>fZS~|s1|$RQ3CBFAi#SUh|aoKmRUd_*`n*K ziR!aiY??(*zWxz0ZfLlwH`0Z~*o`Scwg|Y!Zt=?-$G$(NrTn9VKaO_X_2K<_-V-K2QXeC$L2ps5;@ z^b?n`3M3@xvZ{X+n73gTqm`VydG|i)J#6=wDw!aU@lD;Oh^rLBEiE~K#t0yeVh>9; z6l++tX{BYf2CoHmPa+UlOWGp+`z4FHMbWb=#9rN zIPTwrBZww^PfpIM4P|BH#X6b<9vq&wnOpJOH{SL!MMt3W+89og%-gyz1NbLemH=*) zt+>c0nG)~n1qx8xf*+;l9%>pxF{nf>ZoOZiD1yHbNB+bfUL`lIkGnGjanb2ARn7wO zFwvqL{;<%3O0nG5j_GluVD@j6_HaffzrvxZ#|PiE7CkR&YIyc5x&AeydZr?CADZyN z2%H*y>tN}|i+2k|ssGk%w_bR`p($G8+M;CW?5iG+j?z2LY>UHD$vSb1DBq32y6TvhD@NA4ZteCK6%Z&_QJu$6G5Sc~OEF?dfPM64X-p&wWb zPKnO#<%&qE1&Kyhh6AxpIQR4jITZ40VM=N#uqTV+mrkK_A`udXgB;W%K?OuJatJhW z6sdw+0HA0RVN0U62{ZQm(M@;fUqvg*#6Z9Az|(M^8DDe7^P3D?0hYhRc$@!VKaw<8 z4i$|g@z$wiBt+CZ7juFIn{rfj-F#DE1ERpJ*mD{rb>0FMsPT~h$5%>D!-PAQ6L+-6sin)} z+s$2uygTc&x|~N2^PmDr+6f|9(vb{eMN^^h^;=CsMj|C`zhPs*XEB_-hHRkz3l6{B zE??Mn=CGoRteC03qCCSd&fkes&)+II>?@6*8D~QGrze4Tg!}-1vg4N0)c@n@Z_1TYEJlu)D z0>2w3wV(Kt1=5hS$3agv%;}cd?seGM+r9uM5PvL)3!&8XkU`h&jbX#Flv)mYuq&$< zeZJ>D)FvFgl@T zL*zfWzDfgSDw3xJAw;~A#6)W7Wg$_tpS>WV+ofCTC246x-uncKK7fnsolcGwwqt87 zktCXGl0?SfTWb>UN@PN+mj9uKKGGXGzGXk&!6Qxstp9twT}rJc1YBPo)~@Vu#=)5| z1(Rw?zk^GfgcHV2N!cul_5+CoZ4q3oeXvpx^I!BhX(rR%D6q592$$>6S_+msXgRWZ z+R)A!xLvz<1^&!9)~T?VP$S-rj3R}KSEvbkC*Iy0V?Bi6;2>S6R0oOx>FC`09n@E~ z?GbTpW{SCY=u0q*FQC9JZ%G>urfbP#?KH0iQI%BX_9=&RYFKA^Kl7>g*9N_hBCTb1 z3)zx_h_07M9Rj>6`5jgwkcV}Rpif2|!4PHP7=F^mDE-m~(wrA*WOz9`UEcI%I^>>u z)|a)L&eL@&hSFq#b)Q9~v?vQTJN#fBV4B*~M~|JGNj*u69=Vs)umB9$qeyDNI67&g zsgwjixQ7NILPpW7D}B_a?$N-K)*KIRCC31Av2vJDOZ^4h84j}E|7FeZ0LA8jCgjbq z7SA8O6U&wB0}PDX?#|?C4TgmPpGjH;g8pKX6PAkEwO4)^OBr!!%>qEDffT#S3CIu? z{2t#8XFCA=eHRLf;)tXXs(AKHSQcTN2nUdbuYiL@86EPr&dI?tQuUt3m1AWo5bECu1iEiYi=>bB1gPYkh4Y@YcPF@8-kqXwgR!3`kO6Ab1oTN5sdf@tC z^5Cj(QH?T>7X6rxO)*iML7gv4oe!{PAR8g!DTGWsJ$m^AzWK#`3t@bmzVfJkfzR8H ze1Rq;pbpNaSXaV+N+Eu_HP`#qAHT20Yx-t=8Rqdoy!0S7c^H`Gey@h>_+dxg!BHs~ zwR$pHPU1$N?^nV~-dCB%u#w8?lLEzu5o!xCc2r?61dy1K7%FT(Di-l(+e|ig`Daz$ zEMw}LV-kQiQ_bl+oig^ktLnQ=V7`v3R{O`{v-S?2NqoX786>8O6DCE*Zc*Ja>pzWA zBkP2otGIO<{r*RWn6cT1f93EJv2c(>8&nqmcK4Y6?@p{3m~3m{FM_7cKGw@h#+MUnuAI*?z!#O|}(AV^Rr^2esh|!>L)`eCtS=Np!+(VsKKhl7VC7WU~m6k#(<+U zu?C1+$O7#FHLYUCYTp{!@Qu{lP}C~xyWKbuv;Rr&cguk1ucAQHLdjPi zX5{%a3XcFj>-#@g`&f;$Wz!Fg6kdC@Sc6(d>ZqaN9iq`m z0!x}|M-x)o$r;lRzWafERVMR`9&X28DS!!mN;-(Vm>zPTc$UE0d~euh)o=X_25_*V zQJbM4%x`iJj+lYnUwP@c3BMBtnAIc*1NPfmzn2dYa*r00QKgjPT2F>_-}x@ z^e1m>-A^1vFIr8-X4fOylN_;jR1#>QPQxY%nGr;ne_d9N1Rzu%$mi{$Dc&DE0Da3a zrm4|fKf#*zgl|8k(M?So9Lg9OeL;Auh*q`(Kq1FrXYwvCI*_2DF>5XL`nQ+Dr)Fc( zB@f~kSfAQtq}R*_;mH=84Zhq*qxm?tHrTQKV)44Lj>RAv>?uznW~lTdpQu!ep^gGh zWamzDaQ@=6#8~4@NL;2lFfo9tn0pdtE|XGLWbo7J=;AosFNJcMhYb2YO_zr_`620P zHnjA4?aU#-M!(;ty&DDkW#x*V4zARkCOW@iYr&n3@ip!+Jo5vB6esUc?A9RkOS0n^ z2A0?4A|DL}U5v>#!cqA_xD5uou*BDW4eFfysy0v@@>2L}zNx{l6D$lpKft9dMSXn1 zbYx=J@2H?dHcV%%Nr~=NZb9lkw27x7--r^3P-_RiH}xjs0)Pczj-Ss`jR!yHA?@nv zbWOI^+R_5W-7P=#yN6&c5(GdCw3_d|Bea#M2uJ6)%Pcw&ulVn?p5%~T9?y2i` zV%(89tP5>TSTznHCH7i>x@>;}`MX4ZBs;2jM>vu(rw>#Ohy(ShVDbYlV7oD~wPWw0 zhDyeJyRhlDGcOpdf%QFX)P_`+NzxAkI(5lMU0X2^7Z9GU`EMVus z2*3Wf*IBtQ&q4@j_I!|v&#@iUvErDdCWMR2eH$>s=m6DR&y#MK>vgXNR1cC17DdsM zkt7Qb0YeaoS>G3hH`R0;zR<`$ zmqW1m;_>&$WA8VKTHuU7=uhPZ_cbxYZzxgekWIeK#MYN6Dy&y(#F-xAZ3e1zh7!5M zT?(-5FIw?(KUQ(kJ12=dc{=2s;k7lR#7+C;0;wgt?_%a{s3!V+B&h3wT z+rDrNVWv8-EsOnx)XA^c?UNa65A!7Vp#q+b#6!JF`BncXr8MvK*u~b>1{p#oZDliV zgJ!o{=gL3UC=iS^JRH@%^WUL@jS7WLa70SYP2Ht;PZCNQWcd(@lf39JO7Y1u+IhwT zK8M<{o}%0wMk)|-)9ynuLupDM3A{SM5|+sM8_t5Q?yl8;faC}hAo$8e9L@N-9Swad z-u`^KnT!Q>;hdk#u)lMrj~@n@&MfZ@1MTTpCk98~iGEN{r`{8|V>R7)##Ek2)1p*N z&pa;=Wsl3#%N~qwCkv1RVXV3BIuBl!u^8E0+BQE}L;Ls2d6w`tP+CPydv1u5VKTSX z1%7n6*`V2bpPV1Wb<`E0?JZux@BeG_2IYEmf%VLcZcDQBT@hlAA67v0V@?@a;#<9e zpjhWp1b9~@55vSKRf)4CCKu9zm}v;h;z;3U>%CBK)yR4?XIlJ~SU^_8xTuEIr(^-~ z5g3CJh6pN_0G*l4PF!s-LhM9TJ7rH(b6GL@c1DzT#4aaAxJGa>6LvY$3oHoJhX3N|UptrV z@&mPqV-?014Y;eYgYWrcbMw!tNlUS+6x*xVV6x)Rli#8mrflohS2WAf?u;i6>xp+c z|0U$mb?I3H{Z7JDvNz0X!Bu+2!g}w#5ReTH_w_tYB8fdF{|87lyjubtPRYq9JRw{M zAc`9xLocBm(b78|lj2KNJarcT_23=!IQxE<1B9Ouxm^etX3mL57>T9K`6S8qEQLPBw`hu1uB%R%}ecsW`<+P?+NI@gYf!!YM4Y3?S}Wo4O98(YFC@?0`NGiAv_w76%> z*8F%|Vhs}+1wDXmo#!9bbwjV$m?l@Lz(Qij^uqE_(AXw`{SHQpPj>a6u2n*S+*UfP z1%3Wmq#zGaBswy4MzQQ!(5uxO^2jBg<@_82#FN-uo;`?eSTqr?C#R*E)l!8y>QZQD zHV)LN3=FMR{50H1y$}UKlRY?r42&ENs7G(>U9l@EeZM(5Sg zE2)%{mW9#RfCP$19ku0XFh{q`l9Ec40TmxTvVgNL2qqaVg1EG|KfErS(Hd`7&fq;B z@N$I!C1^dBIs-_>$xo~1yTdJZ6YwXvl3Ng24Wf+z){T6E`$6p1>GLQDI5gA5+eWS2 zWpW=Tjr2+Wh216)*3tRzW-@`@j}ML0IskXnB^90Khs? zK}0%*_L6M8kNB7clV9~56QyEl=QYQBB_~Y&;ampliDHxUeRHd+@HEoP^4h2$IyuX6DoEN`)McI`48LN< z9X;)?Qa`WaMikI1OIeJ>BzX_r0X7iDvp7V10$3yk%vbgv zm0w{=y6m*C84$y&8TTqbVtZ5ONJKiuUC^dGwa1N2@os=4j=phxCF^B=$`!nF+cU2O z_2m+yohS|C7~CU>s%~$D1TkN$_s0w_>?Sv;mkOnHdd(M;9#l3y*OMYwqOu?_H3>O( zw!7qv0k?yX7or2#lpyH)z28+)<(6$(WBmao2e`(+;?yF314o<7rF#8y_^>*->3uVO z>lICxIaCziL^yXF#aL&3+CPZ zn{Z}F-q$eB?hi+YZcX9Al7c~FXcHW4PI4*Bj7x-?bOE1Je;OCdg`^|g4>lSEY8&^W zia_%hS<&%2GP%`L>?}Y5?fiQyRN}0lq1`a{I6)CUi}itR3!qM?0eru@{g5%)|ylafX;9C0%O7|U~nAKlkn4?~KI7EYF-o&rURwF2)mybfS_)vSe9B7ve3U2zJHLVA<2u=s^HlsC0 z@Jl?!sW@`UX4!9!lv%T$OtyvNGQqi|qOH}ObcukJmer!hP_TkpJlNfTnWhl~zp|Gx zU~(ksrka>7;CKP$NKmk4F1tCYboCCBZ)DW5Ny*d>;fQk>8!rV7yothq&lKn<#Dy(O z^NcOwrbD+ci3Eb*R7fYTJ!qJLqF5+;FDBk8d)Z-tSkUK=&N0`+n-MxJ1NsZH=k`(b zRE*qOXBq2<3yM7Cm?Mc-L6O82Ny*6QEiv(Mc|CL2bVFxvm#<(Zr>KKzpsvk%+uH^^ zqbDf%176kpSm*}X{D~k)xqN8tRTxhrixJ26JAUPN1p?knxy(8iYYS!X13k9@&3b%G z*cb=OGR&`Dbs?SY0S+$*Jq4djER9sYow{{ZY@?y(u-UqVMwswK&Zk8#Ae;VlL@ifV>(V@{s43gaJ`%AYh$o)riV&Xjm)zSo>FwIl>7o^DOf*K%T~P^8AbioW^YKzY zW6j+ep@`yFIt7SuQlIN5Oaba+so8SSb`N>T5lDD5A2#GiA=pBx**0#&ujn!v1=!?j z?{{}&*x>*`#IdHn2qFeY!PwFBzZZJ^Rv$h=<>xkKEQ-}^I@UbR(a|ZtFe+x58KB*9 zq4g%N2%Lw%er4b{nYaXn>Sau=vJ5O2te7UW3<&a}W6~4P!OX}SkM8kRlu7H&6iULV z2sC_De_3^&k40r8;@Dob*W?l+xHmQEi9H%rdG4RgoSg~bK9r>@Bw4}VB}ToT^QF3Q zk2$VS6eBi?M^1|GcKwt+{W|^$pq|+Hp+bh7-6`uM>Ng52z2d+QW<^;^YgfujE zH-87=74dn%=)CSzf-DOmkg3L|CTDwr)}WUD`Sp-aEvD7>${pU4#Gm1vr3op?*v&xy z3})AQGDYU!M817BoGISP)4baf^ye`n>EkrB( z4|qxD-Z=(-8^nqsd8rU<49v@K?3VwAT^7D*XIiQzz0G&6kIP0sgW~iOy2hPC6DT>{ zP||;o)*&j?>H)Y2P&2qn9cwerZD7AT>~pM-?Im2Q$GEq4lCiEqY}!N<^NouRgB+(= zQo(uj9p6;GNDAK;T!2LL(WreU~ zgtW9S^}^sJ_-@T6gI7rCS0Y^^_*UgSUCMfZ3|EW$SYlFi80AWmKtvlBNXG(2Np!cW zX@jvyj4b%K3aiSxuiCiFiqJsITxmu+?=hh{a|=j7K6KDYO%U?aRJeVGvo)-CPzU)p zmrF}ctGDEWJOKOZqY7?$@$qoP@t#ia?Xj^1BC!CIs|~5H^tL}D)^sSL zt>XALs&{pQ^Z@JNvdT?ARmo_R$Hok$f`=`-iDvknITDVi*q}A&Ckup1nZcPOP+3R} z+OvvDGCu|rIdWf{(Gc%Nl*9+%W`|}9XT4BGBqBo@GMj)#wG^E(tj?@OY4EAvu&SBJ z&9zL?jWg*R%JR&fB2ySyobve$PVpA{KB~3ob5*~}ek3(DDr4-PAr^aGA@@o|G#V{K z2md6l6(*Oq_L%;kw8?+5!_tsn;hh+dNRLWkzEta@?DZ1G%X%2Q+51Ww>Wn*%gB;yRPO8QnXC(1}p#BSb?ID9W)sHyo5|2x`iChqwyVi>w1JnNnyEQ@-8Rw zawi5d;qo-h>=+9&J+=-UXsrVyq?@=-0x)A}V=*D*X}`UnZ}z2=sip@04BON30HxTz z0`((&ogk>dd@zua_0faKyX8TL3J?yguS}+XBf=c%a8g^mW+^O^hxpH2_CZq|uH&x| zz}Wr~(kgtoo;~++q`<6JApC^z9=hB<*Vi|u;h)`CYZSR^j&2ymN9(5|Qa+KV!kkxJpc}tRi7+rdwuu#GECB0unbQFpE!g zH2VVKm7@`(3wnG2qdH+^FENV;F`4?E5U_JNseDj!#HeP@Su!<63@uQ!WNjkGPwo1Z zAox&f`HiT8uRUYsNh^+vn~s{mZ_wrJ8)$sIc;MyAVTa6S@L!vMyFStT&A&eEr)ULYNFMHIg zAreWpw4W8!kD!blYk3o}XC%-*?aMRSKkA%s$;QLSpQE5{KmgT%g7T)j66GxA_PCGB>x}v zcAR9iP=*!qx#C?efQUfhvEKjz&CM(adm1U)k!;;`El-*3<~<5=0m%gQ-!dR z3F#2YIy&0(y|$|F){P>Ou4ptIOY-uUbdv76pvNeO2hw#4n8!qf34(ae)iI_ReE=rq zZ$^E?_3>);kHwXdxZAquq9s@suk84FQ5iF#3aCKFt3^yR!qJ#_sZtpd8RC~-ka^50 z*V@QDYfF^aK=-S{i1a3LB8J7`xbU`}WGvF51K@lUWn99oy>-#AaL zQ}Lp%%Ht@`&(1$nu7Ge)iu!zT$6b$mWaPjfP+LL|Uv=B+s1M_pGpP|o(DUSa zk0<=`bKByXjFhgbxM9n3aB54*lSo-cw#VNFHnH9UYjM5p!*`x=3VQ?5mGK*yEN|rO zeywkf%_9f=#4yU05ZoBIg5j?v0WgWL=Y*z8T&mEZQ#ofW9fCg>1I@Y$9&@XS#g7ZR&~Rk7l|0A8%n-pIi}HUON+oO2R>pyFakO zU_9~zVisFnVEacO+%r^`^m5fy1#;-Z>P@e#kV|7^@A?R-E=0cC(5lMvgvy*a5ES$$ zMYJMx=IjS#a{@fFzf$kdJ&}A& z@Y|fM5)$&OU2~E8*24R3_KT8+sfo@!)KBvjoTX>Vr>5CoEJD9OhHgmH&p#kdv*4{ z(JhY_SIWe|FFXtTx{~W74s||UPnlm`D7#(@+elryR8b&~bR_D(60ixGz1`^0RtDK8Ps4yUx^k5gb#SqM%%A0?N=@80f@@Z{U98V zk|wF@q1O#bsw)m|8k6#i=()&9g{KPShM{ z6@tie<(^_!UD(&)hI^5=^-V%F0WMYDD1t3eEhZ)JBoe0(tgEgyG>(MY-#tz@a@|Lr zj*I#=9aHO%on@kG{X|nw-aK*M^}H$0%DY!_9lid)dlhKx`MbH8i~q{e4&ay5i7p5> zTjle-g{};`YFhH21u>FQI?YuPS1rjfw&9+*bpL(d7Fr8SGOcoyGtYVVoiO7lcQ+q@ z5OTLORp$+Bt4}=pprDp`g7SH=9li>31Wn3Pv|1C%hzVM#Q*Ppfr{iGF zZHOm-2imf2Jm#(8_Ee{upzFQlzHU=dC$FTm*eU8`&fYrQ%XIDhZd))Y)>VSZL|ktu zTIU^wLf#8T+P&^Ncp;ALb0`H_J%i2_B|%BjdJke^!>Y;~44}y9=K7In*EoC?Oxe&E z0&%MX?P;qweznoXBc34@TT**t`5hQyV_C{H8cAzHoVOLp{y@>ot#Y=PYjU1E3v=yk?kU5wRygHO1Z`6Pa!ISYZhB{P(HGpf*0)hf~2o#8jG2m`;3; zGEk7_mj2feN4_c^t(6UqnL(`h}JJ1j_Ru_{D#R5WKNF=L!#LjF|+#bgjxyB(F@L(vkpp;Ek{}L zroKPUhK^YA{XTWCkdc(~VV>q$RY;p6mP-@QDd>MqP@nBZiBxIKF!gvAbjib8Wq1yj zBHU&E8{%_U)G>t->_jl|*8xc?C;RJSb+75Ejo*t5Tyyd9Dh2*Zy`CMB?ZXeir`~yZ z5x8sy=avgBhHs5zIT@B8JP~b@WL8#fQYmEFWVihN#DC}d@67~PWhV-x?E`X=IL;Gb zWmWL-+?15Cup=w07>;o}?K7-cBEM4-L9t3WTz0hOo7NoUC{FhNmY7x%%n}}N0Bf)c z|7#GVz>8+X*Rz@wZD#mN#PiA2ICYYFvNA0yMGD8MWILZrw2#;B8(o!cy#9_sXENq8 zFr$0zNOcOSx9Zcgez4Ga(1zxwj7jM4 zO>bvq=sV4=Ks1237)iNDb8S0(c{tp&G+4?hpU}=SQH3(lVgi1cu`wFqNp;dTqSU7R zswNr_lx=cPlch#Q?o1aY&UiMweu_Fsvgq@yz;9C}W51bp)o7xdiIn~dF7K{%S zP149X!X}2X*_WYgni6Q89Z`!+Ea~_sUe(JwuX#GXo4_@|Ql_!xt=gwfaQp~FJN%)- zbx7(!)PtY;;Di_<{^{a*Oa1IL4hucu4v#WP`2!N1qQ+4eWTo0_J;FXf)fI?^0Xc7% z7>M_poBQzOQPfegv;eJiwq>u>2(tMb5z6ckb8lR|bUO|UC;6=ORa|;%Vy+}l=y%NM z^er;C3f3Vx?7a=YQiFvuo&vtj4{-^4yM^$s@6$c(5Tp=m3aucU#@{@V=LBV|QDx_} z2$r!Y+{_l?7r#M8o}~&AAd%U0pbRNVQd3f^lE@T)5z^=hco>E8Jl_l})_p zHm$&7KH9{0*o+G(x8Kk>v4L?%gOkKaN1BE9Aa$WUi1-ROiI59)MsYf72c^8n~Q-Sr`?w!ZTuWVyQr)9vT!cIA|MS2D|~isvbsA+}JGk+nn` z4MX44$edAZ=3%t~Q?3wKLZDw}Y6K=mLk@OEOSc^)`Y;8i5tM&`z7xc*LUxj1>rJ`L zWc*_c9^hoks*TBjPNvJoL$JvnXMlx?%+~@n@bE|#EGFF*Sa;MBag>u*!Ze$y&bY~H z07F2$zeD{FZ^eO&X3VNMw8ex-B8TG~X~>(9&dVK_W`7O%h3u9W%(f8BHp^0|LeyA; z(bAk-B|EUmYLsr$`?jVGR1o`1zOSEk^H&-=nA@A(7ekPUlu^VI^Sw0c4nt=R`=HAC87Ma^|Qm7E74J5c=gy`?v7XLIre#Qk=?J5M){E zpl9GO_uzfxQUUR$?&8_r_w+>jC98#ov&&dBeiOlpi#|RgK7jPl7wdwuH8M=xDA?gv zS`sXJ__5BkfzY+`F94UcnZEi9Hwwqe8<=&%zofi${?I0jGjch+`9AV zytu>#p#-h4XJ~s95|vnx8Ev6R%838rjQyUpWO`iLUCtH%M%da|?dLYFi1kXP2wcTMT@x*{}iDThVsKjYER;@W%=;w+e7+mLN&554E6zQsMhl`dIqI?=8AjA%(NLl7c z7rpaU>sQ#m@?VQZX)cjucfb1aF|_a$Ypn2P(ZWBL*Q;m{N}Zhg&Jgcp;iMrCV){*z zbpmXcvBmazQ*oJ!A6*gikfBF%Ll!anQ7DwC`2-mDR4w2mtFMnGbADovy&d)N9)>XA zMDQ-)!TB6fJEbnYgl@boS}M&_oE2_MDmdfpt4W+um+OU zJN1D8%^+x3>C5MKjVQiWrboDX*x#n@i%|!PrA`*t<1`C7b;N}|B*)+}NNmru$>7Wn^fa3~h1 zVT_sbF?mHW-481G5KL_8TO%ysZo7pz5mNVEiW}GQw0^MqIb#X-CvlQ^Odwi*6`a>) zUg?5yUL~NBhf(_6neS^>5y*Lc%8^m=ZNX9FYWE47oUu$jnI?A3pG~5F{llEOdxjV% zpQc}BV2Tp9#&%rC-VnU@A4qJoN5|`WxBct0${;s^S`SM4O@f>nV+)C)Fh#<&Z4l=l z0Du=_DwoCMG(LT#2PGz*&rb%|H^}JiZSGdE7ih$&ejiu1M)YsgH}e3k$mxxnyX%mA zPhK@o?}UVe{J{?g(W@5@I`}s;bLr{LXL1(cXCbgj>KQ>7+2Og$tx}P} zekm~>P8w@!uqt9nwY9tBaD-%TRH=Lf<6tzSPaP_P=D=ozo*6BSIW0-di4CX@$#~4lz-`)t-H~{rRV3JVQX4o@1@+sou zl30kkoSF>RTft(MwO6)YYf4>IU=ph|oOli{^#-d}hSNA) zlOru{ce_40U@j-8jmeh`op&1(kDsVb|L94S&6+WBAvTF2nn%j9m)@?8U55_*m=XM0 zO1*v4WVB)UDe9v#=_bi^>I(u$VY&%SrP5=gGKZn>*^n| zkpRCBVm-Gw8KN?V1t1DLB0#}hFNv$~r%Zjv0hU;2tB;H9?g@}CH`j~k2TbkQ+nj^~ zp%nR9e|@F^`^~J?74Kw>W#MmNZA(>Ge!I9yTI`-ec^Xr~yg-x~C)+;riIz@`=(^)^ zKHDd=?&1bbLa`Si5lW1sV;>-2P)zhEmivO3VH|?}K8htQqNVPr zRu>G)>90)~qZc^^2ORbYFtFewBm4d99EDS$NmXiY$kVwU*lSu`q2=YO={8AaSBye- zRHsV>*U6vg-UQ?H147zeJ+?F9O>iqLKF80sm0;>vWGI`{fF%rskMyTN`6ZDUIAjsTIE?fRKsq;WAniAK+uxL`0PvV0d^#DS1GcwF_^nJgKq;Bw>SmAf{pxQn|<^NAC4GTWD}lu#bo z<|`Z^K-vi;7%Z|U4RU8x)c<+M%a{~ow@a}jeBIbHmceYp&gwFey7WVT+y(c6v(l%x zRJr)Kv}PIkf5e-@;bbZ1WJS%!q-kG}1B2`Rr<_{7@>2H;W(lZ_t`si3iWMvm^{CJKkUAR~ z9PCW=VH8;8SS8~6al8<&&y_vM;w=6`jP>Swa7UP zCGp=~hWg6=MHcDS3#uaZ=?5d(FgKPS`SLd(C=hPc4_OrZq|+v%k!t6@ro{nDObX4G9v zF|-N>*YjI8qW3k;lM{DpckVHEFZ$7FEBU}m81{-=!{aoNPLjq^47OX&{+U}zHiaP% zQZ5TnN&zKVV(7srj1z&mvI^`R71FT0b@5n%g+WXbwci8?P=ar`UnGM`_Xb#YXl?dYubQJ%78m!P{1$&i(KPCNu2=m*@YO*9 zAUCN7GSP9_KUw=|XcOV$&G919u11dYrLjo6%guSW_epGxd7|Im2fq^_l%b#8(ujSn zB#nSv#ga;W&!tSXQ&Ifk^i}c0GAR(QDcF^lu95K19>BH$@~uIV#9dGUMaX_Kj3An1 z0a)tXnZ^rT4ZJ9U_<|&jShEQ^JO04cJ^+=+1s#@aZ?JH02}>6ZgM6&1OL#x*UZQdf zj%g9S8vdb-&b0Rm2{d9|Acm`2glz3XG6u%P18(BvzM?P4CR>4WVa7E;9gIe7~vV^rc-&Z{L7u zaK~bVxBL4T8MBIenq|U!*Uq$dR8yPOmZ-n}FI#;T5ib%ljB0ACxxuSvmh=DV6t#RQ z&q7jw#jjsHPFixzSKpY-%*HV1=LLBfXDC?@jbWaUQhwg`uYv^NFsddiCCNXAP?|DEe}_zalFeWZs#H!Z4}Q z-h1fj9)1?MB$j)yNt=|mst-}9wjxl;b%G3uN#gJz_Wt0BK+jEnej+Gp|3cA#3_L{^ zyF=kZ!Mk^fC}QRiJgP8qO#{=F+2MWqpo7vBM&U`lxxvAK?%7xcv;Cq1e3B;}F>wAJ zLJWo{QU6F?!dG&P$0n)NI>+J$YIh!%{3*@cmEik=#BB~6|96jk;>{ZgDrHH|`{~dt zP^SpZZhz(NuJX>R<&QB2JH&9RNEhLL(Qv5xG9eYM3QmwJ*Eo}{O4u`8m`%+~vPG}k z7T#w%h1$Q7z1lqFXBahH49^znwDPn-eNkngMn`Um90A6J4^JH)EuB)GHe75`i6C2- z$V+sWls~-)#3~r3`b8RM^cxLv$SoF|RZk(0g6w<~0ea44-lAVZXX0<3>^riRH7PCw zLW+HtQ)ijC+nG;VfHPwAq(+AP7M(`01>+a0y2B%fWq&Ul4 z8;!xq*nFcv-i5i$dJ6uG-x$ z#x(vLzh~u4^JNA32m5e@^#rFRQY!wUvnzX^tY3;asu(`b0Epj~g0~n!k2-$fPSe!u z?7z5kPz*}1R_Oy*6f7zDk)&r>{4o(kHF5rZr?t(KEumAgfSegC??`b$KnNaW}L{$_;lW4KmdS0lzPY7YA@^#09w#<00xFg zKonYVY~TOOW5{LV;i6l2sULQ6n8uC_6=*p6cu<$SsTs1JFLphM(~f?l!(mkYg%j1o zR5w+~3Ub{!-FC8R-%OPkCL#?YZ!z`zjNk}xBJu^HV9}qRllHbwK-sK+R-^Iy_mW&R&+S$!igntk#5+g1AA0(}_?`nZUdf`7J>$jSb#| zi&Q+I6HSH3k=d0%2aGo*YiN3S)aWWI|-`qOB7R94Vbyo|W-OE4IX zion$G%Wt{ROth@awqVqX$hSCg`o*`y|Ke5>Nyd(=A|uk{Dg#+&NtaE|diIA^Are$D z69-$(MoHmVMx2X#YdZwN7%>eM=!|VfB>MRF6hJ9sW)Pg^Yj3LIl z{A&lx6geZ;QyEP z+aU3Agoo(fUi<8M?oMEcZ_M7#BL7q;gVsVH4a>g&W{jna4OS+~bui?M{R8*cO+0!1 zUqof$$TmCuIMawv%=ce0+}nIJHa#|RsA6%|+Xe92CrC^_s?JBnOlX%SPUe-@_{@a&c2yFUw4LBKM=Fv2;Yq>%LhUTUezn zx~=JB29C!^U`R3aiF}2%chclb!JRqQYr{W5dck3Uu!GTF8lM%mQC0|e2biPD`yOn) z3=u1g*4&!t(zXAhSeoC#+}?R+R<1GNOzP4=6wQeqY;wNO@S3okLD*nc9azwJCh%@w zriH>M;zuzs-UhoLYtfoRm|Mqa+YngX1=AXIYiXL&Bh&sM)@>@ih7v|8jp@Pczwubm z{VAiwjgq>Y6tbo3x}N);Y;wF#dN+CE?6AoEQo5}mLa#?JpUxo;r`vXe8F4VZ>w3v5 zCFg^Jz2E)_?y0DPo%jDUK*!a7ASvIs{2@@MR;<9J3SvDujp<&gp*r;64?`ex7gdmA zgIJb-TfSiN%paF?8Wl5-{S-loHG^#O^A2?wvpyIxFHL<{=kRVFFv>@Q+q2jB2$P&% zTH3JU)uFy`QLgT<`+J#_$F73&c6hH3)IpVXf8ErY7K$eRYS_>UB%|Sn#zBqj?kvSy z*uqeCHW4q^0USm7^|Qhb^{)H$hTt{1`-zN@=0Cy@t#ofeU$po=x{haDA)_?k=^J4) zR&`IjkCc2~o}0ScFSh48jOsceXY_;XuO zpD~M~O7XQett=JtH;#N>toJr5dHJhP6m8t-kxdJnsna7_o~w^;J5jSKGZ`UkHq%zm ze1Le_hbdB%8{n*+=ajno_IGbTaq)FZw+LpS@_WrzZ%GCIF5eBqr_Kbo4*Y8^QV@;; zEClGPkRyV9&MXINWmkMW^0h+91K}QdL$qT+q=(#nM4CKSvhaiIbH6N^QR(BxL)0)6 z7@J4a%4QY_NIH>xgN^v#rL7g z8vaH}Y^QK(qI;UJAYxK&6A`SIPU4&u?$UlVNF)17TAsLNoJKvme}7xz8WF0MIMsL1 zKDFAI@Z#r}gcO5v;|^vbs4Bj&BB={)N&qxl200b>mQjy*|QBd{|KQ za4h6PRJBlM%1?wa*iHFCOe(dLl%qt-I(x`hY3;0uToj?MM)=gh^k)*16K4h@P zmV5fX8UH%zR!pXX?P8mo;Z1B!X)j%86ZjR$+{OS^a$)=tW^RDK!CJzeL-OIR*>j>U zAU(QKY&mX2kFRm??^nR~Y~%J77*ENQ^ZBR(aL=~`U(TLmvjcT!b2jQ~Rzzg1Qe?|) zpjCcxI`26ftjj5DdEP{k7>59txj45je=3v(j0Dwq2RWMqSsi7M-XKhC?YSWUAFo>T zgGpm^fCZU;Y`hh`IioGu76JQP1FzwiY(DsnGo8*Jw8KD*bEmbmr2zc8V^c!BP=a2R z!U0s0b+giRg3WS~Z=ke2oiO7NqmxVoA_=QUeDZI&6QNj%W11cBU%PH;k;0Ml%_$lu zz4>ttBnq|q#tdo7lstz*=8>$V3|xM!n!TW&Xp)x^XMEOYa1Rr%sURfo0Y(;f9wBrakeC)}GY3dVuXsB_%y6sh1q>W^miPJI z274d2@d%(sC|x4P$sw%=`Ku2V3Lt$4hYYdCVa;AyFV!P@4-^`(g?gB8%Et>1x-yK= z*JZ>1J1t$b=vL74)T{TF77}2rb%#b(eu)3tixMB!)4` z+x?W^?E78n1Y(!C;5AE>+F7O#ne!qtjy=-A8d6ibWIk4d=ne5tj0!9*(p<<5j@$}q zu~FNuHM8q}K2pDloYH9b*@AsY9cMgRkgER}4dWbfgoa^{w&+?kIAJ{jMr@(%3G3NG zX%Q=lCzg{T+zoX;z$cgEy#NMse4_E98Sf;%&%WF_iZCD;8YQhEa{CJ-DnDT~o zf}hZxE;Ft2M}j2rWeh3+Ess*eib7?8*fzBWpa<*sA*~u--65KMab{OpH>;8S1-OY2_d5V>+Gxq=nIDr^1gAl@?D136&{|RG(ONww89Tz zIC(Bo_tuJk`AzxhF)*1Z5Wj(2MPmds?%>1j6m0r3Sra+(=KF0rANDh20xL~E5FmuN zsH2jBYX!BMJMa>~g9))!)>nbMwomTx6uj-O@`ko@-vtDjI^LlyVwrVyh8dWY`?Izy z1JLgu&7W^vFu2Ih!=DPg)>O`9VH%4CaAY<-6@+%# zs`vIenezJZz;@OOV0MhL=$9dW#kuK0y@?~gqJHl>OLhq_NB;!lagr5^a5DU;a)LqK z9TjhsPR9=K7J~Xkg#$V+D9g!;L$n3& zaH_j0VzC|-=WWocnaz)vRfTD$Q%um1f+P8u6@qjX*7(@9gBGg>%Izjszmk&YP@;5!iPw=-t}$oRVI_ZM)VrKTIHc`RUHe$5+~6nvD&rzFZ-7r zf*qUQ`r=}UWu zPVYc=i6hnI*Q;rN7R)ZsZSbj~{`<_yB|h2jLNs3}Gvw?XL2E(Y#+G?beph5%c)Kd! z2PMy=su5RGlWbbsajT1a{=r&Sx%e z;3xNN5+bUXsAKEh#?^Yf*BS-LUeFz89y-sPIo?5Y>jlyE>Lf%H_v`inQ^TY19l3A1 z)uA>vmh&&h_pBraOR$j)y9&rrTv1&rd;Cwr7lGz|N#%3PI}2PUmp}dI=nz3^rPwpx z&OX1Blpz~1vveY}0^@BAU~?iwJvtOTHoRUJR^^<9BeU&09R_Z3T$P$n4CkbyInyQm zFpGhv#MCMiWeo>IH2@lWE{_|=?f4=y{2?`+;8&|CyJ^=I2NZvWK-Zo`4FA?GioU5G z`^7Ijk0_DHz3eo~!+i0nGdsl!!NHYxO3PEXk1nOzVDQrq)aU>=VP$m% z`2*B4rfh6eosQJEZCv5w!FMqu#5hHY@UoXu=zSp0|K&N z;lUIU?Nn&C!tQM2I20cnX?zRCmL;hCVEgZVn5&@(dqqzf85@%hBtQ_0=DzLunJoe3 zSA;0{3U-V#aC*fq!Bf#xx>VDyOB{EB3+OkBY4(v7t8IBVV)hy6gQ9obkR5St#FPf`QDJ_7htPVrBDc!P9 zg|z^2vM^c?0KmRg@upoZMwesz#I=#jp3 zxdb9nH=3XU)>7b67_Jc5=8eVh*DTt@ji<$7%wIF%Fv+GqK<7}>oKc5)MTHM24*%4J zxHJAV0>cey^C1omt+2j25HGeG<7?~mVX7#*6!OCOGBWP^_7|6JQ53v@pGx@6e^;fV zYO5$YhSyC(#C6 z8+;6=%!Odz-gV3wN6sImW4HU${_kry!WD!c{8dOP(;FzdS8_HnWf`1_dag5daVirn z=G^ZAYt|AXQKiwgZG|to8@H!$W3cdjX15<}ezDtJ9`8ZB*&RYu>`oit9cCQ_xAxZM zNUH;TK2wLz1)ZdqSwp`HjtZ8WVJ5{iKyIo&rw^mrcf_^j0`=bk-6Xsj^6Vc+-k~?4&e^r7xr6-Wd)6Y z5G>rc;r|?`#t6B+K29imZO?j!@1g3(R4Tb7f)F$3?>ygaxh3h*IEa#=7~;8yO`Mn0 zEd^tld72X9muK%s+=1*8)8GA(!Qrs(G_`$-EEvn0ll|?n?@I~T!N4!xddLe?hEjZX zihZiHx&i%wmY45xp@PB_0lhp0#}G^E)K2YSEDwTLDR_J;%GBTA-P$Gn*vd9XmD%Fz zOYffG0Xm1x23;c4^=Fw0R)tiILI;ID%LiB1@q}AB8O3$M!G~b4mzIHb0i_}UlV2)D z?sD0Y(605p!gk`?>zu1-J|K87+|~@A4+50~RcZ6+vdnLcIPpS@fc9!)wK9@7V?(XP zDsvm+sbdiLm~u0d6kMKt=!a`C6%dBk`^&tF;ur-~dK-)RN+?Jd1kz|}9x>Af+X8W2 ze%7P~XNaJFqHqA3c?|3R%(f8!{(B%tVZaheqs&If&Xg}~+f(5xxQ#-fjmw$1Y#4g3 zz;6OkJrWL;gr#z9gAtWQ4aWp&D5SqQ-~mmx4|z+Kbt(o&PqK-Xz7Zs)J0{QOl(#Kd z$R&0a6fewAdSH2v-OXOD^l_6gu!w^D9SJ~D1%2%qE2O6jriPXxFcvxwleu*%two@op;YgK{&izK1Y(yShNz1aklGaiCBJj4G(&u)pr^v_0;JLu(YL>S za6Z(n#Zy0j0M!c=+H&alY9+{_0*+6v>=2a++IHoDF7d!9S%-M-v_np2I7M~zS`lrD zvJ7lNvpQCMAehX*1ZlZyj%rhn-aKx}4IHoaNxo6{io}aJ<99VSuq>3QIXF$;%w3iL z0hGgah?-*hu<9p9&|Wl3>231EA9b(`T!Me`>yQZ1j|JcudDN2~m)O!Y##Kc|M4WaG zTw-dSiSQlsDAc zAE_ZWlkW@zzEWw6M0&pm>Fh%BDJYcH|2e&B>e?8PGpv3m{YB2Cm|jmQVfh>EMVlSH z#~R-ej@ETZ*I_&RmRJBDJTa`plU=QT`>Z&q;SlDdqBKa8Q^Vli70t%yUrem~c9a7R zO-v*Bi1M`~!$NOxVp?W)WH=q={g+ccvX_;I)0Ntyfd(5k4_Q!vS3$h08O3-gRkC7W zx>RP9!25e`07j+W=W;*a^HuZ5@U=~Fi_6A92HA%-beMz`j0C}PcQ5pDBXfgLH?oCy z947){$LZOlk~y0A*kQuhJ%!qe()Hblqqy|}i~1XT!_vf?|7pcR?H&t(k)Z~MvAu|r zNZ8HHit3T#10fK_+QH>C+-&+q+n7^fY%u{;UNPO1MKbOqNwYx$0F!1*pHGmrXe{}2 zbZyPSe9RZwX{`Pu(EuEH_B-#99^{LuxjH&M`ci1seZtBMh|i_UNBFQr~#b~?cZ-48qAE>DB$If z3Mq(WV*C^jD!WO$GpbK02UtGhKhh<^#2K_Q$V@UTABSkCr6Uq0lp;*7|58Fe{62mN z(xujH9*`M*i&h?c*h^dHRu@D+0y|9vN|i07Kt7hCM>1C8(4ZdK79JS zp6s`^3_(;X&uOBuO)@0n{`ezVUmLqsvt94$b^}tiXatBBZ1w&TU2d z6>|01?ou14+#bq895g8b;@omApK$n_cp$A?tjiR89%2$4a==@XfD7Rj_2w{$q@UU9 zpc1#NkHO%#T)d~ggTYwnC#L~}-i=-57lc6*v&9c_GwKR=Km+k9hIg~Y&P!)r>+U>KIP1tQl40b-Q6bMxlkq2Z29*n%fB) z_4pgcBx?^&gD^O|JMK!vLn(RjO@P5^pac`9OQ7XcG{p~!x%gLnlf4#hXij|jXbku_ zkO#ABi-OT?y7Ei1=gEAo2-d?k?LGFZqK^iIac_dqRD^O5ICf7cpx-(;ZV)uF$s z@*GCWa=Kz>R2I#1@mj%$Yi+ToQYX2s55dA9)&4xgKWh3T!@|C9NzyEof0dcj2tgup zSP=d5>kuD4CTx0Q$8#Nn=~SxGiuF#PoaKi+g+fc0=?p2lU{KO+HHNWdtKOPe;MsPO z>J*atD)Oqt9H?r+3SLJjbb>2&VTiA-nrx zC%~cCNYk#?7X2)qQulE-f^>nM8l?x~_fbl6IGLfsxI-Z|BBO&Euyz-v*Yl5F|HwSmU9TpE)%_vfb+do?Z z`26UJyV%!x*<(se?4iOq$X6gV%acz(Xu{d^?tDQunbv!ZlRqv<)>_&tR3!1ZlnPPKLgX4Y(;%|D$$Y zAZs}*b=&;G$l}Q?>DTwRf(It+K$v54`HcI72Mn{o0(deP+OjvwByS_Meq_a-ln* zTCofq2)*tg>TL-xXEbWNl^H~pj}yT_4plj6LjaS3F{)R<^NYu_q7U%&+Y5k^JHZ>7 zP5icVfM?h_)7_s@eAIhpI@Gu@CobBy?4#BhowJ(*lblmLTR zTb58VdhxQp$BcP&Ih3oMk=MEWZj8RjvDP8?5J=0ju~Vfdv|d z-++M~WWKpIH=vgo)WW}#MA(=$7|t6=#Y2T!!W^#fh=ETx_`dRBe--&&zA}@{iiOcx z)qcy2@!6wJKx3PZ2c4wyqLrs}E-TR0%Q+BG$OQGY`tLJbNoPV!injw5BVOd7>?5tq zqqwEeQ-V?uZ*#RFNoHBF9UR&!+X8JIn67K>e8Kub_)tkYyz$b?!>|3}$uL&DV-*EW zdq6|MQR)u%YAz)aug4jNfBx}~1rINXKNa>y7_Mxq)kVUGcESMm?{SFF-HDUZP?*d)*d#-yPm$N=~KAe+AjOIz~!t}=zt#!P06!7xnhy1$5Xdz+zPa) zUA6l~A>5jvGaoPQ-ED@^bG6eO6&sG>3?;DffzIE{Bm>dt;zAlN^* zC_zjKx$npkvUGlm4f0}rDyD2Sj}CXTO!qr#i5hPPq9WMs$>Ops99GctN|hu@ zux@=|L>}Jz{fdKk^Equavs5>`jj%cvL*ybrTP#G5Li=^o`aL&sF!!)96UF1L%V!+M zNk*j2%#sGGkOgc(@`;Gpj0*l z4LFAV;>07f1@W4EOvr;DZy4B)23}`ZF)2VzCg{^F9Elo-&^D{8U;sHU)-!pS%ms=5 zKG-;T4tam911Hv8nq!^927N@D)Z^wEcXoHAM}IQJ13^Ip-66F{N}*<-8`!;hgkgxQ zyXG0W0dNfsHtuUxW(HzhNVM4H8^#6xe=kRcqhDcv{!?L~vy=PKm z{d`%Z>^TPDqUV43aa;85i5WPOxD$;Y;iF^xXmJW;`-ndI;WZTYI{>)xHqoNS7Sm#R zlP@bQYW@cg{+fKDl9q8>CzQCFYzN-*I6F|CC)&49^ug*3WVL0|7OBSlJmP@TW8R6n zNOc1sndO|I9s8!m27G{js*DZfAA{t^?)vbX;-C1Yl^$HMiG%#mSm7;(5704MWOJl? zqh(=jB^vR;&xMWz*!odTwkTdKzzu+9%GH(RG7|Vd*?7dUW%Zd0WdY!hvDG&QqsyhOTf4mUiPM8$h}g4mTbf??CdT)H&Y--xrj{WiyP}_kOd^Dufa9h7 z9f4R%$Yxrw9|w=!k|W^P%TM|6#d%|Y`iG50gs(}`B)c?5_$#n$+r#BvoCR&fWoY<`;)lJA2LvVAlJemKlWoBocowsJTJ6FxMyN`WmvATe?o8La8 z3Rmp*aDrGHsq@L)<9Y#O;;Q49ry;W;e^MFpKPQw2*4i z_k_0=N@N3N<8Z6rp+tMST8mX5KTS5e4AdqSUHTFa>3HGBJHk1fQ4Cn3kGV77YnL4d zKWRr7@$;MQF8Bo-5I+Ke2Jq%HK^_rgZyLr$Hn`z{O(^I7O@S5KZegz1-KNu8!}8-0 z!zIB;rr%Zzp+Kf49kE}^bH{+PQaxI5sg7{1Arr9q)MZF)x|fRX0*p!EWYhOf4uqU; zpDUhuqRIo+1)d0$=Dx4Lqdw`QX$`Gyp+Gs7hwS-^>V(dAeaBP-c(HUzVmL3JO(5u zY$gbDPALp3%ezU{sl!m3{4s*9Y`Rjh@eKq{UtS7BX31o5CXbB6`2Yy@j}3jA|FSkF=FZu#yEvXWHq7`R=NHxu zbJePR>m)^-+*A2Cy$}>*d>|Y~kFO56*#Up;84-Gs7FuDjgK7k_=HT7;B#xyG;9BmKQaJ-fC5n=EJ z?`W$hMLH5gp8>&{-5)$)uE(iM|9W|fL-i**Qh0UVRisY4M-wF#Q(N(r!X@!z;(agv zt0eeGPD9O^GeKx&$AN6xM$^sUmkSF-7??cZw2Q7F$@KmyULPz1o={co*s}GpJ;y-# z6KLudF%@%)Lct$cDANqmF74NIGs(uX5!MsX-9-`C%Ou%Ige(3_2ao`Ck1u<4a; z{jpGq;C44l{iSN}@mn8Tr&e_pmqq`8!SP!X7O?E&vIHID*C&#y`BlS=z9v6Q=%pBY z7})?L?Y_aF0iq_HdO}_ndmg72oo4U;%_?} zDmr4AL%C?&%xrn3z&Us;T7TC*-nu^#CrP0lX3BBDM|tpTqRrHxD@3dN6>LHojTH3* z15n4-29~#GInR`)868hTc>SpDebYBWjjr!p!k-%FvN?qw@;0J;P?z}-P|Pf|P5y%( zI%ap%x4-1~7dW9jttCBEt<`OFi1W^T&i%wY`m~zqK2vz`%5i*qNz=yMqb3nrzP;uJ zy>*4jVKk=Z=EjyRv`$~cSpSs$FD;7)O3uI9tUCxo*;Gj9f{*$pKqE`gb+6dw)^!uV zkks1Y6Ibp7Wfahjwkrt_5jDbzHLNN)X~|!-$|9y{tpO=UAplc3h!r?#9D8g|I-OJG zWnfy-YRlij%LHIB%tBdY%8hJ|^@g;!TCiEdbWGSg5Mt2ZYq)pa&v>{uB1YPiwNxHH zsu#V8O;h&|}P=TxQr`+e`^#}B}>XL0}cq}kCB|JrbBeTZJlw;b-5 z53+=aV4gO*6=q+JFZonPS{oAk=oi)#aab@}jCKWGH)>rd5%U03sUXJp9HPB5o8WDE z-B=FQ)eA{!?i{&-m!^Rs;h?vdCjaF>FH8R+(R!2d(cB(rj+6Dq5c?t)%`bzjhou2q4yqh0$ z%)dsCWP2G&1_;N-@#?Z#()|kCM0=kyKfRmC5fCv ziedx!u+|z|D=|^6?DgMj=%5J6%@^=ij$NIx_^&y7QdL|b0;of=$$eQ#_z^EIAYfZDK2e-_zuPfP(jlEzY^%cf~arH3vp6HgGZxX z5v7O6(F6{%FU$T3;J=}t=q^d@3Zl0azf`n)S$VRKPw3<%dwj|(?sCi0x|+=OrPSIhJ%DH>@^MG-~>ezmgiZDh1Ha46n(jY~?Wav(|u10iFqp=Zyx zY`L}#+5RR}765wkNKKBwtN^p9R802AcG{5OQVem>c3E;Wu${1xzpo(ByQ2plLf0vIJ=*ixqRK0;ArhI%C5=E@>kLlYWfbbaT`F)r`E!6|Xn z-C{v;=RviL?ZO#xK}3uD_`CW?hI-nSJ7B;9q=^SjBxY5e{zo4{wH37eF4)GPu}Od0<2>|*TVHBZDrePA zD2}PJl%@NbZQ+jg*F~JdUExP{f^JXR@*0cUW-4%QiI3}qGvIbBSVo-i(pP%6m!a?{ zXmv%Ynuy^UdA``Shx8Gzp)mK#5Bk^H$QUk&Tfq&K+A z&?xYoZ{}8qdTAn|f+gK~i4X0WOvxo<+LbPO%LOMBGMBbvxI50jOnI~>b5UOH80P<= zHV6!c!&UxdxRIUzh)k1Dz0L1_XyEL>a%^?YkvKJpH( zSwnsy%w}ojS{mf7U`K3VzWKo~oz%!Rpi^BGKBq#ywbCUV9aIH`;CQLMmoJuOfleFP z{IhRPh~r)O*2fe1F1!FOs87Zw6fjI4NT%8)8rE$cBTn1XnIkVkPdn~ zF0+`!$o1Xl<`3hzP4c*U#K zg@F zn+5J&=?^6xFR)bs=zU38iVPoaX&S7CI+NX@@$ z>S=t)1z!avmmFp0(faVCXP+cD`jFQDx6u)CCg^ypWYa_tFuU9qr#0(-9MRR-=Q^$^@8QfD2y zs)N7r2!xy=n0cOe#UREadO?iHpN(IhDv>oKTmCag2BXPabwHP~{=GK7{*+6$e z^bCa3SEW3FHc3iBngQ{vZ(mv(R?Zud0D?FS$nsfaXrUXZ+e|BWKp#s|Gh@Zvj=%`v z#r%+PiGDr(2~Qpbb;OC{B6AS|5fEdyJ+-xwJTH;ll5*?#QhWp}k^D=!3E(^9{O04~ zKN7$FrR=r$IK)*-?J&NrrLgoZy*Kiz$s?oY89)O~mhIz49McZDSdf^4{kUfZYHKRxu@SgpeQXr;dX8bdk)^|9xpLa50g*S=!t&5N) zteoSV`xA4K1WT2kz<)ID5am*rkP<8$1z;zYRV!V>0{kw|@d2JO&=JLkfLR(VYvrw@ z?<~$YQ#{#?i?`wxwQ#C~d)&?>H%7~vomff*eD@htGU4ML;w%v^zgdG8yIg6Iwj#H! z1hh>Zj)!z97T{kC_DtqlwMvP-0xwXipVS#Vi(6+lr-cS8-aqRJZlUJ$ww7EZ?J;xa zC&036ZS6hLLR)x}44h~#nwfhWvY0PAh4sWn(kOr%N&Yt(Uz>(LB@a-ezlJ|p*83E} z_E$){n*y?pH|K3rAbUzsq9z5Fl6q$y5f)C_!0!)iY@{4=R;S*NpDiYu>GAx?KOhU*h1z&)9(7kYB_W% z-c&yv&o(>sqAM*@xqVEfKgj+l4FtW8b=WX=;pf7|AvLCm?ORT02EqE9EQlUtNz$c| zGsEs)i3cL$+Fw7~yiut20SH5YAukZ-=ehqN;B-d{8H;Mw*ZL0+hPdRW_aR6>1!j!Dg@AR8hD zV06?FarW&Lre>fhDrL8tC2y&53K+B=qj^%ro(Ev0LO~1j>g5pqA4)#Of(|nf7yiE0 zV|XU==u!Rvp~R*HQq}sRSTbt`zxCvz5$G%}!iog$ivzl)uOQ%^7*861W&yMNwl-QleymHWEJx#b>Ti`QRwHKH(fthTLfJiV&e&{UZN} zlb)ZHO)|ZHO+Me#vvK)+l2UKSfh$Xf;wo_zTgfkUkKF_>ZcRejeOfKmf{+v+tcP9V zgq8O(Lb(q4ED2m6!IX+(Sw41E;}nn{?*w97Uf3-LQ5>YaUV~)5aJ$ID?}9D?k$I5c zjJ^g;2jtYoH}d!Z2=2-(4?FZxoXzFE1D>lpbuL^+n?mrE)^}>es2_XCHtMqdrv3i- zH$^GW+PINUadCm z$aiwBIKHt7KA~3UrUY7{^IfS!%Og!s6U2wInW17Dre; zgG0wy2%%tLPMf*HXOuC9KqKPn$T5jJZFO!X?d?k~cXEvU9Sf|q560{9B7cL2{5f;4 zFrFsHNh2Rm55*i#Kd8l@4(BAj69^vMdOAG$tjm`VDWh7&$%I&j%Jo^y!S1>V-sg}~ z%h-y3tHt(`iz#BXveE>{%?2gRYCszmNWw$MIvGr6=4j9XCKBX$_jDNrc3rOL3)h2w z>a*bFe^i0}#SEdNaTs=oHfwe#%F)N1Xmgo zjmPsatv6(5G1R}ZijIviALvcUe8|4etLVuaN{pE60R_o;TeP7XjnJe$WGMn)g@$kt z2%&db6DPG8QjfOMPPs9$UOA3g?YS6W&*8jJGjzD_H2H~-+82u+vD96c`V=8rs0oND z6ND5KNzu2u`K|h?~Jt4fm7__)T00I?z)$wOY zS?}qNzK}A13DARoKqg-0d*%X284D63e^@mTofZYNjxK9jxW?TL{)44m6lStOaVjSy zW04Jftib5Og6DKl%40>K=sKbB`Vvy!Q&wZ9#sph#2mL$=Lej*raAFK0bG*l4$z>{J{iSP~v9nW0iA%BwG9T4spkLu4PD$qyC8}C2Y7{ z&P)I=hCu=#68xO_(JU2w!VX%kM#Jbk`nM(4qc)KN2PZE>Hr2@qkuHSizmnr*CZ@R- zbj&GDjw9Nl4-RuF^zxu%NnFBNT~?aTX?nq*5B2&JVPuq7n2$xUFy&l4l8%Rg2E+KH zpPbM(<4=cy3?+|bhR6SeGU&8;AFAO-QVs>#vX{74Ix| z3m{)D1L(zF%78;f>)6$x-^`_PNYl0pwL@7n5OP_}#xWO@}z!D;)oqNT6-|}LMbiqE< zx1%f1m6XoFUL$nv!Dg&3v(Ya5=)rKDoN+McLz^Qb)=efETNN+oOfSZ`v443~PXqX^ z;L3~d*E$Aa1zB%XbI2cY-|PuY3*DNS?anE_jNRC#?v5!I?W!#9HpFX~gz*3iD+ zlhy<`%r9##`es)4*q#qxAT=a4xYs8HPC8zNikaN}cQZW^d7`uiSPK%N@o*%p#zG@+ zBDpP*?RXbNCITMpX=NqANtF9ZEvV}D$-ZzI57v+>iP6i;=D6mSs63-u+nfh785{r7 z&Ek$)Rtsez(gXm~VTNj@Y)Wrm4oH?Ot5dt!fdRy=?UQZAEey2#uVog?2pO!zVpkh* zMcr>7l%N5Dr7MGu{9~Ar2O!eV_U};$cMa``Gpr`RDiwc)y;?#AAp}s9c038aV1!yh zC+r6NRU#r`tGsjk(eM2^e{g1s*>|TPo+^=WNn~jfsi&=qhAK(d~Io%BN zrBgCUS;Q>CE_B^HBessp3@K`7qCZa$R1P5Ci3oK}jh@6(5lHl#fmKcRKbI7y=NQ|Z zC8?I}c|v|>Le4v{ENXsG!}n@T;P)H@Fl3d~n_+sw?}X8BK!cRR&mnh-s%>R2vW6h2 zIiw<}Mc%>iAwR?b>@Slr)V2KP5n34YPefRM-F`<4_e3#C#caDNj7sy}F z7iHQZF?#>B9#m1v=JU01G|T8K#N8!Ses&p`9(`OrV(RJpk;|#)k$%Wy8UnwdpB(mM zP;;W>*lIG{8jf{EQ{A1<7kv0EFysIHV?1d|-UlX;j1z{U3TC)RULJFNq}jz`*u#u* z_H-BnuiI_D8(&{azx0aer-NUPz0ruRus=PL>X&Ph1VY(mI0s1Yh<`0#ZMxe%RKrIz z47C;;$wX4gXKAk==oZ1pAfWWQWt_b6VBFS&5#%0_Oh7ncR zv|yFXrHD}9yKqh9l1Rgnd$NR_X6}An(|^Bv0TtRO`|*m&G6iXFB@;ibUBebuT%+b# zN3owXQQc!Mfta^h{`^#gffo}&(k3P6wvZP7i^ixtMON)#Q~iKQfru(bRECmJVGg3IwB zmZFm;|EjO3a2)elxh3^<9tu0e(p;u(?iRC~=$#CER^OE_7wH}BR=!k#vZSA@aeW9J z4u&w#+kkr;Wi42UGpK90HA1@0I9-b?0%D=fYG^fNlp;cHl3W)MYJg3GB#8yzv+?gl z-hesQA3oK5{i=32Rr~fPYbx6&h!*nU1-s8c;TT?8{T5<+`ohv+=H7yMciW~uCU{W{zsx!{KL1hFKge2dV?;18B9NPk^us{+h%CGQ2Rpcz zUvs{Se5AjVH4c-=d;VKS_A!Z*0j6VtDBbG)OA!mtOMnAL$8u`p51iImk8GKBhIjPb&ossOLpO#5MqoYXAVtYv3cPmsOy&mtg0NAaz zP53({u#+K7Btz88N+0I$!U9*i#Lb=S+q<@AhOlP^HZEVe@fvo3Ilt?hqTS zsT^7NZI0=@v@qSwFFcvPo;s1ndXb-mP!S4r**f?!%;YQF`PUCRTh@}G-9toSt*sWC;CPnne0%_rd!yXobsuG+)7usn*)K=UA`cK zU4TN|oli9cJ$tNmqTJ_}nghFd=D*0=o&#yngcV?GC$Hl4()qn1B8vjH2Q`+2SEJ+n z%VPo&gAGk9Blf#pdO_vRo;Vna=?>}tC4#xhod-eUqdILiAgfZC^U2!p)qm1B46^$<*6dWk>dr#EETy zFy~s={BF2J&2A3sZS#2hn3goebm+nGC}y%&zxRL=Crx7GwroBKA+yWC<~V}xlXqm>Wd^&{1tTFr*Ul*3bG{v(;A3UbQ+d7hG-R= z=6WKqc7QKW?SV}+R%z$TkGf@$$e9ZKjy-4+g6;UjWHD)P(7GvPq#-ooyJZ{8WNEcA z&aVsoC*P1PExo1EgQdH09eMg2RoS^o-FwH>0-SXQ%nx3YJhx>CtP^RTR762%T`|A{6`xTxo|$A>1F0n7mxRR4Af`* zE=sXPTG{g#!l$oY8{$4FVjKy?$7VF*VA?w8#exdDHUMw?gg`N-f!darrtNf=t5_~L z&T^hKQZAgmAchjen;9CH@_E=)daPK{hW)IXkv@33-8UF-q@pHj;yAr3hbasXa`V>q z`-Q&>yp^ORB7UTe#E7K5Ecln*AJ$!5znYd$;9hJru>2_kHF3c8Hw-P^+y2lGpnoVW7Vd&A4-3+8E3Fr6VOKzg zDDD^;6;vT4F3Y&|6EN2)@(WH`Qg@Qr2?*=_>4n=qVG(T~yL^~iBBJacQp|4oyFBqB zIz$G#8LRPr65lojGAc9Mv`E_8drwNYW@BH1d+4c^pQg(i46pnQ?VGFi&BBl)Q$kKy zwTwLaOG>6eRI1Bt*kS^4>le;(8gHXgUBHF#z4{G_@Sj44A>sbKXT%8eJZm{kOuoivO&fSwB{DyHPb?AGz00Ll4WKS*XDRU7PTH&ohSkLWi3zirkRj>^A> z676W?z4v=7b?xip#B#(q6@J#KcZE!q zLok;6Y}e@?=A{Lk#(`bKZmFAMGItsRc`5(_tH}Q%mf7q{`_;(M5<{h}G$mAanP19v z4#*>|?J4`S7Jz5)s48~@2Q^@%sHb`)D)&RdwdT;U8CXVRV{yAez5bJzf@L;d~glI2?_@a zZ~~@kfzYxB#PhwIPl(T$9KD}zdMqa&Bb#7hOntda1>p!`-%o zh09+f@?820|4>$6kG2&aH+c8>fM5W*xFpK?nqteYDfBN2bx*P~rBCXg_ZJ)5N?k6W zF475%{TW56zBL(^Q}(UI(^*4F$l$!taMU*+te$rjf7U=4xNp9mx(@3xyn9A&!vBnp zD2Usw@UzU6B|5i)>Rxx3=;ByT*9i``{br_Ps4wCa&!SsPo?_K3%0<$hO^i zTssf&RbjdTN1E$UN+h_ZM%SHJqX4G?ZHOFGp2HppLC-!FTNa;;* zT5>W^n&uaFfq;mVgAyupf{-u${AnqX74n_m6!o}9M!wMZ7vGC?fcrD>aHSwYpKw{W zdrad5SDq8IhZ$bs}k@lRM7b+rid*{ zVS>oIoVLwH!+66D+l*iN<%S+`3J=2IVT5pKAcQBALZfQ#Zh2ms)6?Cje8vl)1QjVK z0rhkHXO=-M(V+obd7XlF#-O1Cs7OxF4-_O;B+t<4$Ha0+ZN+^23mj$s##sy`R%fQ$dRsEbfub5P|5=m{-{p zdn=0@-xK7U+QL>8W;2@_w=C3wZI?;2{bhBqL353ab8?W-e~~lRvQ2yYyb|Hy#H><| zTS5te(xz0bf8Upk#8hZ3aPB{g^P}znPZ|MY*x+k3@Mp z`^dqM_|ivHH$=@u->CB`UasUMf^CP`9TJ?7B5sX$G;@33;yC0dT{o!&Bb5&3Q8bUG zSL%6zzL)kFYaaZ93nLMNE66TNa|tcmPqACz5r-X<$N3pwk#ToZqbK+?L^plvAYMh5^hyO*FH5Q7B67{@kJhp^B{ zyH85rekUaTG}mT_ZyX**K4-mytvJv2l``r!IIz zcS&nQv5IQf;xgES47MBDb%BghUg0AAeSB}Mtcpw;j-FcialzuOM?2nHq==mF9t(5I zt^a=Jug-rDWAERkHQ0@qGXlr^`Eop}?Hs_owa7tljz8rOh+Vrh3zK&7s zR&tH0osvzP=+KH3J;nsS9AZ&nCc(E!i>eo$uoQZwDN05PrlF8SM^Em8N&Vfl+Ouug zT4G`L1KW+if14InheO~Ei9kK%Co4ySWcK$oWBMX?g_o7?e$z&Lu}C(!sb}iO@IE9I z$%JfoZ?Sqt!gIeQ4|Cqh9obgpUD(U@e2o?kIZ9ryL7+kCR1q&OvDow4#bfBg!*h$@ zFzWy<3=_mD-AD5zgqDs{o5)L5REPaih*wR1M_Y_luUI})Y{y-cWPRD@H+}k^*kkCg z$Sjz@J80rG8yT{2*~JMhbAqG?-Mqd)o{5;6f0}XUfSj%3H6ZplQNkY5`WC_r zt2`bw?d(4=rmiIXq;6C(3yVv~Y76H7ptP!liEOTQ{D6JMG#(k0Er7J*0%SShl_q)6 zv+_G@6_=sIFZ8}d-T3=VG~fC_QYB7F!Dp9uCbO+pyitf0-1_ehYhGQ*uuU6B@XF=Y zgxpa5Tt=*LPEw@2kWpJjudNv!g69t&2%WM>N5JOzQXUHIc$UW+lhoeK3NhVb2@43! zhC$>$AxS^Q9}>XmBS?Uqkr59vKga)w1e98MLv-Cix9Y|_3p^Tt&0l@!h3Rf+b9kS5 zn^tEr7VDu4gj0#WZCy86f9`Y7^tbzX^5en@(NgT9ObDtu8bYC|{(-_*^SQ1R1O^5w zlZT>J%VWy0VWa%2vLXKwRuviG_X|VKKAgWgajRa>;#g;__5#MdC$AYa3A{-CG}5W2 zTRUyC!EQ*XKY?HkK|F`D=(jg`jp&^>LV#sT{o1nD;T0sUM8MkpPz{zTlja%JBfVRG zOhCa+OWX}tKKnoZ2OFXU?J2lY7kMPRv7Qv@ z3^`u~20j04EgSsVfFv_aDYoyYSqwhF(DlBQ`9F`i@mflCdd#zN8v=<9DP_=tGXA#`T4ZKJC7`oVub<)={P0lyhz zkmWc*CL+dijWD1sN#xsYO{F2?k~HynOHzc_4{Wc2PPO{Ktlx?R|!zhe1DF}kN_ z!+EJsKw)Vo4}elVY|GU3a2UdcPEMS#K!0@z6HoK6bPO?#*^;sfP>C3Vxy1G8g-yFKQkw zZZxzVH&h|`XUwyi2T~BBF)|o4O;hg1Akc-h4nY{~euB9s1jrGS&`el4 z24a_q6{6(5QeA$uHBr-CVK#n1Af~<_F>01dZHJUkmGkH7PVET%m7d<3E&ih zAnWMXR+jdG+?UizoMH_8BOc$GgaGJiJa`!AQ;*(+KPRcW$x2`r(f^>a2JvfxP;UN( z!s`8f(;va9$=xhX&Rco})cv;Z4v7)VFbIc{5RaO0G`MQonwslO)|(BDJiYGAseOsh z;SHJC0uKZ&wx0KQIWm;k7hRt2T~P>G_jfN`n682P*e8jX!5qEYBDik1^e{=?sak;8 z5(ui}7Oy#aT234G(VwMDMpXnn%q;l~+V6oHpPG!7Vfn4Es)@UNaTFO0v>o;9ZbjuK z%dIi{AtiPXtMlW@DO;$%8?0d%jR^?)a~^9B4Wb$DYGdyJzh7;3 zSP-IKL=`+JKn&N}F~qDEKrLH%f7U2~xftWL%Me)UQMG4HI2#K<0)IXl~#ZIH?I;W3XzH0x=66(V|2n2Hsnp_7T2W8mD8oX=k|84_0) zs`UUhxlrvk2%+JZx1z0~t2sP&0bd2su9|}(SF;eDXxda5C?L-hab~#lK<>T(MY}$R z0d|Ga+Kda3iuY3~1lTL%fc!U+cW3HT+`~k0cD2LS_}VNl^Wy zUL#+K#kj|OTmV;(Qxi9>=_tlGdEEtt)@~F^1e7&qBZti-aGUFC|0UFWa8NlQcIkXI zYZd_~7(ie}e3(J!O5BP3Jy}Za-}Pn8nFUUkKdB!l7;KC!ItQV_O81e^$Thm_mUtjm zD;0@&jGFe@y`X2^v0Z+OH9WIDuE3*c^tyz6D#C-^(E*mVTuISz4fg>3wMpW`N%e-& zeF|Ec7+RZ6C-_HUs<@rE>U`Sb1Jx-OLRruVf*DW2*ayw(Fb9N{nlJ6WXDwY7JjecG zH$@jHN--%)B}!||Ad^v@M1kW4;U*^DR)=dwGF7`Q7N1K#!Kyq|AD8iU7rlwd&?QNE znyWg=&i*&uLOV@0*R58m8~wc)BuV7nb4$J%jHh2`IIKrew4r20l{)-7#IXkq`ZL>E z;t1qLKfIwLB15>ZjmN(>xTh}Lk#<&3qsqSC!KPRp9j8OqInudUZlkz+rwx^PK8;T;1u$Sr?$QC#1 z>>71PBBLx;z6D9JghPHpo6~;akh?#WiKx`wAw@^e_*88}RlKlXgf0AwTM!({i5MDQ zc}0Qgk3>ULG&RzWxe94D zWK+zDvr!}Fljl&9MP^c`(CrCfx`LW_#5Nzw8z78CLRq4xAMafzYC#}m_S zdH;m*0z=0UHjcz!d-qPFZfx=nt?%kt8)CxWUO%S>CDalC0siklc0dhTY;>}d!ys+z zG7592iGkDxA?9_`#2G-r_FrFHm*DdtC5ZJ^j7OQsD(?YDiQiZUH`De9kNd~n{$6-j zfHK;>I`g~&Dhps?q+gfG$Lw_d%9Gk7MkvDsQ?xDtf^q!EFI~~r^{!+CE+`YcI`736 zhk3UG(`z#TuUIh;oP7zP{04WfDQ?$Ki`TK)GTEV-Yz7;Bi8E;r&A}UhQbK*a@3$*z z*?M$HSv-gdw1%JsSMIui0{Ov-ZG3^ZI&W~`L~r2yZYXM4`WXwe$Zv9=Rm05_*|oDO z%4kvG|08Wgp8ZI>K8&#`tL8pc^fU)huzVCQ|6M(LBq>X>s zZOz0WkxJCfg8@>{x1em+a{g>59=o>m=U82fSqU47=F3L1VQb6^)3U=?go#s2w?MdwTMSRGE)UqIxV1Rrm}%?cM`;hG ztQo3OJY;p)3H{lkrKeU3TlDvHM{||2uR1Zs1vGJAnLydb&oZ;W5`hL>zEdMB55Uy9 zHo)A9RpWlm+pDZx;;Q#gc!^SfOK(95rO0kfs-tKx@58?o@J%m;{V-zf4Pc)~@x4gH z!jPOel-=Y7=Tc^v`N-}dj&z7`!IbzOESoJmtC0<%>HN<(zBbzcpT^|%m zA73w)#b5@EC<;xLR~Tw|6rw$8p8dS-51CXIhvwB?TmcUsV_(xK02G4zg*lfAt=!w; z@)IgptZbN8;r1ch#&ywN=+O+P-pt?weCt=;^#)g?)JHacsw%*6iY%!%bJ}H3ptoY# zipF7IPs_c{ML9%u^dl;UQAgX`)V9UNzyw}_+gabV>8AB(0+(fyPK9BJ?lgi+?@>O! z?;@I;w%!LqN^%~S1cDR_TO9BZ${rvX0dvm&**;Z{k~g{QDLT-k6KdF)DSUXIi4fzo zaEgecDeb|U+?4v3j4hCu#tUb)RNrwB2VD>1WZBb1@h>LmY`pQ~@gQCH2SpFZvOiKj zTxOZCrMYA|)su1O} zMopiKSPiW~(}m3*mT9_ri27!K6fRCV+K5E-G$KO{Q?j;Bd1Nf~aLGz(BXe}zr4IHc z&$jV4;<+N$6xixcj<7fV;;<(KxGoA2AXx(p0mu1$?u!7BUXxcQi5*}l+*_CaZu7Y3 zfa7hfN~c;D5#J%k#9bUEdVWZsuCbOz2O9U>+xZyHAt4u+R!^flzk|iD#H=!5eksq1 z&zSgPoeJ`@GWtR%%3@M?crbAn7byL|a9PXEm}P!?cQDPPy%KpdcWgRnN;kt}&dQ~9 zJ0lslXwF#rEGyoegY)ZK__kN1o#MFpb1D_Yj5in;JymlvG4L&D(*Id(g6W|(Dda9V z#ykaP;JZ=XIOpvOoEAb0VEvHZ$CNj+68|S{IU3={f7V*OqP-srd zY&pY*B-@&}jGf_|)_TaMp1Cm=sFiwkKuo7vrRjg5}}sk}v`Ac(6#p-SwK5JSkDb8|*fEN~dG_Y#%;qn-^&X5&TnH;B6A5-Td>8bTJKtfvtlYO`Yda>(_yP$3SdwAJ zIN?o93UQ;N*!1w5*Y|A%(bHk-y}i;iroOp@Lm@3&JS$N_pi1i!_~XG2LZ5)u+68ZC zj4*=ti|Us|x0{da6SPMDal(Q5EN4?ZNs~nH*Chugxe3sgTRq>D5bwTWM&KsC= zrvJ6IoMb#5h#HBGZuB?aSgkI}|BNLHXJVM(Xn-<{o zzIC_(w}q2q%O>4fS-P%R>&6j|xTgDoRb!!7SDWc4>IHcc%ccJJxtbNiQe6gy+^E+1 z&rUZl5y%W-sR?l#u_6TPqCXKd3|YRXtQuko->t*B*$t{Tj4}G5aQ`Eh$1~u~9L=^o zmoqncBFzJ@E5yek0{1r>_oBfrvqN6NrQnz8rj2DsV5!AjB~siDi+*Jk>5n4xT=bBp z3mb;szX^8%lvUI8h$Or9y5Pm!$~lc%e}#=cvU?vrcW;}+S+O(ObQ4x4rmE;Zc7Kz; zccT&Nj0JdUx=p!m6e4BK*oga&wc$gXtEh7wsSoO8cb8V{*Pe`cN2G@C2XS_-64G#; zE}x?$#lcduia~Tf1OncRO16I5_tYM#SO63XhI)71-~i&`6hAVD)oJ4x`~v%~O>0|e z!9aO$&tY1(jn6;EcUDnl(FQknoTv#8;~$y_!KDKpY%!NG;yICT(5Sm10A{X~ScV73 zVR6r(dArBDB;YluJ|W`wu5Zrc^GUcWu;awJp3qwTT$fKz-z8+(gvmn_*R||#UbQO% zA)2MToP>s}1nKVkv5m&iin_k!s@HZz;M8!hQ_58`pvu9T|2=B_%woeit~A{nD~#5& zGhZ5oTc|i-=KNJ4O`8ySiAZ4d9744Y#wFR!4+z~X=qxg%4032oO{Y-l6p=!lJ}CFQ zAuVpq)=A|p4c8eJ5U`U}1d^IW65Ca7X)Hp=-{zNBEE6$h4qy~tX0Me%NZl1_bLg>x z?DQ&~ZVOvpY}VOkv1h3R1z!U)!+s=2=20svxz<6yO#m|sNRa1I_1Rh~0JD1gGvf_%o@M>V1GB?KIGgE{tW3n`SRA=uq4YB}- zSx99-AeGAT5H;x^N#BXTHs;CpNDFvm5})<7I{1cU7Qonsy-?L{&jrPO<{D<002FLi zL@E;|XhO0`Ky`>a3IxE{BVRfQXv`mDZ{Hp7^2Q+BxohV_@yPd@uC>v+FE|(>Xp1_} zj7t~G_3M$4q&25s+)nVbjqT>WpEqbdzLPYI2p^7n1KGINQ<^KJlucd~e1iS0kCc%Q zogSK~k07b0C>>%3SQc++@AWvwC5zx231n!gNDz!v@`U46cWLF%2M&p?Ro*e}_t=41 zWO2S14G6D_ayPHd_$dtqTkc!!cIYbL$H=_d*}QL3=C)J0ZL+tI@XkDbr(LN$s+faG zxf>sfRAH01r{n6$2FbP!>+>(=Mg5owY$_6oI6m8X0pfyNP3kXq>?_GgdG|GUC)*@7 zZXO8t*~{|v@C#7%hb`}S)jn35Oel;H5M-H4mD@CjPeLMPF+JSApbHe&fx(yLJwm&Nh~>$PMO=30{7Nf9c+p% zrp0@RgTAH)r9xlahuXOCICd5~uf494kpE&DSeUdQwd>~eFvOO}O6B$&0x(9#S42E& z+9Gfr!TVs!ReFp^yOM2Tbu(B|_Hzm`p9ge7olZDN&DMjVl7p((;2Ap5P^OfLHk2Af+k_{gRtuW z-$Y~c&2NsxZ8*O2dhL?#F3%7QBeld35E|iMeG$LQuIk{m{avC4ka!7eNx$r{63LXx!hW~u%mj5X@9Mv`j)8YGm%#1BH z7tQJv(PUM@N1iLLOu6(8_=T2>!QRy=nDJbeB99)dn`eA_J(s0u@xdECl%d__p%6R{ z53R}Z_i7k0EcjT9c#153U^Y2WI+Pq1Q81_m_^)&m!~?j7%*`<%Lhga zBLu=z(8fe$wBCpx5PQ~wqY$d4%DHN|8BQ=Yz_R)=tE(df-Q24azY3n;Q&TxXK$b>z zveofy1HNPL5?J0K%8FmK1W};yuqM)vV+GZDre4jmPKVZe#wW4gwxxo90 zuqyl-u8)(gMYBwp+oIAh|5YB+Zq){9*Eb6I3sk3sEsWR6r}?@&fqq>G!NFy8viZxv zG~&K~RY))D+3Ra;rA1Apx#Na&g$OLWrT~fY5=9AR zG-S-_2HLgrYPfeN_G1MWr)5#RY~9*U zMo{bZ7tPbYigp%}j7+9Bi%4!y^A zG%Z`CGM+K}lPr_HA{l?JY*Wa%lhDDv3t2{e&8(=jlm!sHjfDBJZiM(N7(9H!qJih_8 z+1(7-sMsBtzrY`L=;EW+|MHve4q0l1 zFo@?Khv<@FeYiWev{MVZqkoMV)AX2F_INUjDLHqXdUH9`dJ4gX@UO6}F7 z>VdV+v9?BsIMQMIOiB}5t9+ma!6xH)GExJskAV zm9C-PHYT~QD;3rkhsDDsI+#D@X3$nGwWjcuKYJal@!VEs3=rf|$sAXA5dc12 z{YYLkU$s}DX7=87MaONi7pT1_koFo_JaC7Pny8>K-vq}J7Cx})T@G|~wWaMo@20T( zNnG@*D7Kmla`?H9G=7uhcvNwi~(M=o|bN9ro?j zQoqdQTpp2a`#*oj)pk5xCPf6>xBg_MeR0(e?}2F|#}rDz70}8@el{^kk^;w7-!a{b zM}Lmwz!jrpNxI?A53o;ZX+P2FI)ptEddmpKV6#~B?$B>i% zKSVA0*h(?-`>&d)Noj{^P)Ej#yWVpFWNHFOk@lb5BFL6;Op&#W2)8ahx2#YMk5Vs` z*fd?aRCxA_ZHx=`0914|xmMCgsZ9tWE5uipe0VD?o9AaLPRTxLz38^ ziNCh_CGac3LMM10 zK8Qb-WYZGIAtS28YtTL;NBMmVV&iO;-nvE4H3ny1qg~Klo+x$nX}I}m+M52Ju&Dp? zL-!0&@_+H}ClX74Ulem*SF*?qfVm9Cm-UP@#_6M2aFKx=7`fld9<{(U5pV6o@8q0g z!WJM~HfYpCrS9%zJIYH)fz`i=c2y9iE64)G^@Qe~6RxJUJZz2Q$Zk9$NxDO_B`7IXe@*f+C zJ#Ebq2W5JPtS;!a3{7&pZcw0@S8_njh!k;T+7q=RAv zg#7FvQk_ippnNG4kt&SJ;7z5kPt_nqIq*`8Al)8!NnMi`o{(tOZsgQxWE&U}&M({K zj`OSRk39!hN`s6uRF;Wbnf)aQwfUrC{E)P4?$v0M&}?ub@B;*s(NNQm;_Z+avcFX$8D^VE&%i}3$i+3IMNrlc99MKB=(X=dWz*T*n?4n zQY4X!Bk!i<`MF-GhY9*S`o^w_R)GwqEn>RMl%SRD4*3C+8ib;MJIyg^Ot`rZnk~B3 z3H0zlx+6bKu=C=34;wEhPKA5kc&2g#M>Gr$=QuP)w`0Wlr0!|UX6ns)ZYhkZt?{fU zSOfzlaG&7DPvEQv>|zA)L%{vZlMb$fo=F>2m??1uOzdO`2SGp+!egDqsVS9H-kd@$ zAD_|ku0pxvP{GIBez>Tq*8^TOn=;-YrLNoEb}`C=D?__MDW0Bd{zF+k40 zk=^yDYg>ebcJVEIGrqaX)3o)0veo4&dc1-jDO7{m@_DOzliOeGqlguKjS$A^Sr`Kxj zSsp@KBoaG)x2C+WVd0+{Z#=qZ;-xnyW-cqci^z9-iG{Gz6L3QjQ zSVi8kDUX+Sg7`-TOJf{$j4WTIn-Btt&@Y@cANAF1J?+SD>G;`7Xo*MV7I9Q|ka?9x zOiVfV1sDd-Nv1h9AJfFoO^$}aq=M{xE7eqHoT9n4h{^7iuE z&EG3TTi-Z|_qd;G@pq)hI60A|#CM)U_w_*1N*>^DI-qRYI&$5x|L|WN)BSeSt$CPV zZK@i5VPO&lBX~q+w4FG)`uN8fTV~zg*E^ddcXQ8w=TwTYO#%1>kp`96*`2hQzMxj) zoPKHl4lAojkTz>@On>3*5GEV(Do#t+sV3z8iCdr9&)$6$9;veEy*k3x1X2rF-@D~{ z5vKx^JKrA(bRb9V0y8}W(?i^+ZRaG@h((4X{K6meB@?MgApB zn;1BYegMBv9CT!K6WngIWF_ z41UZ$=fV)z4J9*A)&hQ{B|*dezA45wKb~KgP}+IgI|a%KaH?v+^AVe*bX!(en!Xp1 zkw$_D5r=C_q#TE%S?TDn?ohENL?tJddT5?@)LhV+5fpTO*h- zBPO$8g{Stt3%oNB@KNX1tH*T){!I89%7FJ{aqlfd$;d7j5&|}tjKAT#NK_LyK`1s8 z{U2lQmPl#jr2=`D0||)imU_j8m&`%}rduO#P5l|3x$74q8M2~PoXZ+){!%p9Q#dFY zh(GpTo;YIa|!}Dt+v|qj+r}CVmikFL!|!%9g_bozNH-xl@>7DNXeJ? zTVjV_sGwz8Rau`BF%p3VBhdoJf$XipZ*v)r#O4){o=^e3!Gy3b>Wcm3-yxjbEEZGx z>#>=K!n4rE{6dnz6hx7kz`A0T+jjHH?EN{(UXsE)EufW}12+<2cgY1}Ch%v%^KT5Y zavFcN0xu$RRfWsV$c4Z=Ro@eUXG|Q|`lN&zC~~E#7U}P~A*g^Ke>bY^;V-h;$Vr&m zR9KZIujuwGdo6l0Y`syS_!Z9m8H@p}E^?23-X#WL*&Qpr7aO-6OpJ3ee8Q|ul+WEC zp5e0>ckRHTLBckFLs(dTx!?gr@BD|(OI2I}VZ~fSiRXsp5y~=P%I^S?t)q03eAEuF zCbsOVI76WP%f@r@mvEv?l2yc7)NeBk64qqGH^9NlNn1s|IZ)+%j?zFAx(JkcoP%S9`(h8u5;u z6RjKLBph2tWOpFL8dkSGk@yV)ck{}MPxMFIre zf5C7zNDE>EE8E@ceRELK-U6}SVr?l7?C*%--tkD6e;L>OX(jXmVv*`09r{f54f?I> zIpG$iSIKgRDcU>RTUu|@*qaFN_(7_H(*_Z{mDk@##9DOUe;zjFqEMw_K@4S4o;J0t z2O@IGC3QX&Kx^8p1Ot~_RlKD61)1WAoJyc_@PPx*-}LRSJWk8ySAQK5pXRFiQ4cSo zJkfZ;>yikypQO>uuPe7_%uJwhcok!!!VI}SykbJDr7!Ukbph_sz})`bRRwzDFGi%p z_fTj(OFajA-KsxZ;0sbH#b)!2YY1&Fm9Rwe^I`i?GXLf>Z%JL(_PvyL6W$8peb%$x za@~r!lj;?P2@rK=l~82*qXG$FcgL z()AmD+A68@%BFy3s<&GbHA(iBYLixDJtgL+mpp`BwF^=)3O{f#?*FQ?>5FOnp@rPp zs#gH-2%ez&<3@3)nofP_U7zCRCtHe33Fjz=oo8@V%c6w^mlqf77N)o{gIS zRSCMK61-)Upvib{yi4cK>Xrr@j9xb$hoI7p27I6KH7{MYmZOv2zv>V}(F+CNywYBy zK-LqiRa9z76Hs&@oKTI)Fa$W8Bx;KG>JPs>)dkODgP~2efD_Wq%3@`IGg1nob2il8 zabq^i+PQLI0j*?OZz{0h?as!sN}D{{Gjh6Sqp^xTxd95wC!#>mFmzxqSkbEFq6&4G>aIOOqLz18Yf4l!bgpqrBF3r{c z1**mdHlbgHgkrx!2~4ms>BvgQHiZ}V>R0%q4kg+y2Bpwhk^2pHr85TnIA6(4*mJQQ zU2p%|N{lK)V7_2LT@=@gjVdsca_&+!EItaIyTD9)V<1x&D`s#XERSOV^w?+Ht~0C$aQbH0F zU<0dGMW}nzQ84R)GNkgL#T&DG-QdIkzuSbA+7pk2Z?V6$^Iy|+Y0$heYmyzlT6JNQqQ(m^KtiT=Fxu_4V zpzR16Uxg3+fbIn;wR_?z!rSpy!{vtV>pCdlwwB+U<%Pz8(OE-mtzYaBoA^2MZ97^C zQ=uT67KrLWBYY;kw!0n?Hh4zj_(geWYM$LsO$+in$Pv&6va7-D98~K;d zLfr`-GMT>BerXCAS|)QqQ4tten}}5X`B?`NbY#h}GYnO1UMO*im+ljd6P#Z>ZuEZy z(*ruSw1DveKd#+>DLkUk_8$ofmjAJ_Hkv;z(7~GnpbynuvVB!23cE^L@bSwO)4Sx% zbec~)VC762OYnu0g_&Wb8)gZ84Ucuo-T(egTK_uradbr3bzyReS!{Pc)aRvT&hrI6 zg=Bt{13b^_^j*c&+4V;kDW$&`26>X|13Z9pGte4($&UAqVohMS%@jDX6tpt!Mpu7r ztQa~4A5s;5F#)h1@3r_>o85;jxNs{%%-<)%k|d>`7;2-mtT-xYSEXzs7 zIjH<;A*d>Y7(8t+EKVxDKH9eug~Zx<6u&mX6v*wc<)`hz&~pmVspNug%B{A+JdGAr!o>Mr_WPwkA`liiG}q5*sP50Xre z0-M87I#NTYq&>^VUT$j8jh8X^0lL^Zw_aCN54t0S)=JpkCZV-}bRBhL@Us=y(553H zQLE_-J>F4(^fGh5m-3MMrI#68$hm5Oc?Kp7UYZQC=Qe!OcTwj`A}v2YOh@ zqL7n6(2mBJ&FH{{bG<)ApPSYRuUBxtgU88b35H0FiDo{*B0ctHh<(8LT{TIBxv6 zypxE6B)!5+x-LCRFlVyCDV;()3!fw9MzD)vH2%^*=dk4F*L-Fl;-*il=GVAnI!G14 z@JT&3>vi42r6>7oVL|@9)lJ$$(7abMKWB7?*1@DMJcb8|Bom^c*~Y2ZS<}GR_nVa` z3^2Mc_d_5*9ZX~GOpTx{y|Iwj0`}eft&n5q4svw}CdtIL^P?J~fHeIV89Yrc!>PMD zef^w=#Oy>{6%pB!W~S-1J}!V}43oS`nElL~SOAo3e^K`;7%?sY!7h)2eX5>?Y6l*c zPq^rTgZLh#f}kd8*J-EX@XzGhVorCu8;1K0Grv2Iu^wwtK%)}a17nU{wP zR{`3ZxH(Q~irmr+0ha67t0x-af4;xW|GClPT3){kSlfVGjIW&O!BW*?yx@Wh;Qsrv z@!r&zCkHnIwpmEarI>Oe+fRL^sfjHDX8`_IK>`pK7;01&r*N0@1@_JiEgh&kxp^t- zTjTV!R|n6~p_Ehrq-E1H!*DiuDt5&iu+mvr%d8xYhdg~ zijc@iez5!vG04Z>Y8Re#E(`L^atP)&GC7;N9g(%i{b>nKzJiFM;f@QV51 z<6ViBW8)YqdvL!_nwwlXjn|b;58S>(G|94!ivArxzSKxS8RlDrt}~3xHh|dhtY^~a zK7k=IjnGY+!Wl*kq#3LI+2yU~*sAdSWpKWu!}KW-c$A`s-H&XeDz-3+o!xz;)Yr^6 zC$-nM9iNre9m4CbFfn!@GsG4cv=GrFnBVR>ok z2dR{F&*QV}QZnXUSpV5W0AD(VjTT3-#SlmY&7>}Ti_4bf; zxkI#?7QY~Y;x;Xlg2&kaP6@`e|R z9i7`T!+pIt`I=Lh6lG-xLk;^Z8Hnf`DtnY|WCLsmv=jKw^PavOWF3fNA&o`jvPtn? z%_7b8u~gb?kk`Tz)eS8&U#v2F|DdF5X?VHR)e1*#+a~Sq)QNx>Fm7o~Nuo_63L7;l zCEIM-xht|y9w@DeN^4UG{#`qW!miXNNyqr&q>Ifjt8&jzBm#u32T?YWM1a4Dyqkm9 z+E!Bhuy(|s`R`PfI@@#b^#Ee0Sc~Zu;=+9oz)Y_(n2=GIMIb&qG(w}Ya6=P-qHJkx zLUyHC2=CG;hy1_Oa$aZ3J|`e70c;dp9#x5l27(urNdP$~qQ+geaXUnx3YEEdPLeF4 zr(B-xl!u|g`Bww`B=mMMSW2V<91cdIDPMiT*P<+->GwIXJa6WfcY>)WqQWi4`;0Ao zxDZ(}-wA_gA{z*-w9KoFahQ0hWzRZ@t&o8)vy-6?9ED$N$V8Uv;Rn(yxDCA; zKmMq9t=FHY%0lEY6jQ8cfCHJj~vmdgA9NH`)}L4N>; z>oe#{V}Q5gPaB{B4&VxX$H!UnI5{!Qaq-qZNZXuZa)gm6h2ErZyxF}#KW~2i6nabR z1pVb6Zdd-(voZu@?gk1nw`eu1d0$BonRvpL&0>xAWgzhx9F+$)Pb9HBZDthl`l5n6 z4=ce4A;8S#?X4k-43RswQ!|PM8&uAu^`1!iL>hL>Yn|e{QX*c+10S`pq_#2)7hlG+ zbst}spZH~RNsT;P>!wws6aciLM~8BRB4R<_NGCu)Z|Ipq63;Kx!2|#jeDf<1{sf!| z5M6g1TLf=V=b7i!m`jZl0tQk+ZS8%B3dtt?1#7N1jk*E-;tId-q)<=1w7op zw`;`Vup}x(y)j@_;|V5=-9x3fhY7G&68%k_nt5tZ0^XA4CkCRrqB?cRXtrUFRIeuC z+@4!$WNcUsfjuHS@ADN(P73Mn;@R0sNFbM#ji*RhP^7iMOweRb#R4_0p%%sJCxhKc zcvo)?BN10Km0hRqyynL>_8xuVt{>~lPvWzxL-{Gk?8`dksM-2td`C>0ge~%p=t!Zo z<^;cC_@3;=^10qh#)*dxe5hjfjofDY_xhrDb!0TNaL$QUjIqGoV>DgjySXeB zJ{Aw|_%0OxH8A4M=Y`rcUtX)JsC}i%z@(H9QC%A1wT8!jX>d2??!~2=-K8>5>?nnO zSF+<)Gx^z4)}_e>Aic~La_6V()1Q1D5|ZSYSP57-1vEc%dWQCnOWKA3?Ut5zhais{ zap>s(O8j`BHN7?e*ijn~y52WHiRv}dK_~OQ3qd7BwfC`sY@B1!KQ!Z`4zw57C~rJr6NM`M2~Xy%F>lW09)zk z*oxeriVJ)i2cb7ic`25ST)vweDv9GP*tp^S0`}!+qa-`47bS3M+?r`~%Z83vw?Ei|Tr5`Q*Mbz<@c@jvSfGj4^0pUmEelSbsY7+4w{=Td5VBLDfZ zR55Yw#Pi+xA(+^86VH*sHuWK1h&AYtN0n!QU17H#Bx@D>|I@&PxyP4EieZ(voxvnC zyHP5}>9{j#;!%Geww3Z7R_YaAHrJ97o$n*bmO~dc%F^#`Hu9}2cin7h`Np|zY@C#F z5?T^v5NSHeOXcT0_nM@I^<@d&vm%4aK?^-nOBe%E19@)%(>9tw#g_gpha}q85;M&f zzFjN1&X0fNLIXgd65j85x1!~to<&UxVl-6Q>0KPD5$hcT^RH$L(`yudj3T?Bg z@IL5K$k<2{GF@0nH1=3bopkU5KtlOZwZ1{A?sxAX^}@)?0C)}KzUDo_#L>>Urvozx znGKSl+fD;WM$|ZV8^%}G$8HV%e?b#0!sbD26eJ#$&ChYa>Az}R2$j*QCgXb|%a*oW z_$5D47@`$ppb^+vd3AeBYA5+CyE^&Cea#blu@Tpn#dKmADruhvY{UD2kmVfMqe1S4 zY>VwaaP67sCSm;G8u)Ye-H%&(MI+N#*8@QK8{N)?wiFIA2bJ3mgCFBlRfY4TJON#w z9#!?Qm(E65HQbz z;4CYOzk~d7v*%)3tx~@DXtvoEuvvrWXcpOvo6pU()K&@y`LO?C(0q3t>4%$V^PdWF zO4Kcr^5O0XO?kZ$p?I}F$YSYf+a{b$dl3`~Z{cPo{20;DHpON^Mrb9__`Z2>qY^&X z2_Pnj9^KF{m)YG08+yW%&`u(&NbOx$<2yZg{K3pVW9uV#c0B)UiBtVMyzfmbq0Ymq z^K(hBHr_8ye?LC8Xn6bVMnWKC6U!+%fB7bzKMsj{$&;B1{?P2}t%UbbGpLqhl>pVe zsB}~jA|5mWT}v}X0$qaU)U+Zb^_y+8?{O(J!*JB40YKUORVo{7nc;F#%RqK#u0<^X zqrZb-hgO-aYAXT2Z5Ftk(G=(Kg^()^nu&Ds&w8j&^^YlsgpqoDy#Ol{1rDH>-I=D1 zKVxNEfELW{#*!Pd?c?`2z93&giJK-Dvv4tfY;@n&hx%&`Z=wu~@(a&D&A7b-*Ryem zFFlM#Mq@jZ_9q|sDy=Jt->D~EDrIsL;t=9h`x>dt)Fn$FF7*-IKypsu3dKP0{kJiGEjYvh zC_0sQKbbFD2rYLSpU=guo`a|yBN;v_z?Cxe0MmM-v)GBZzMB9p>ivz=E(i2iOI!>;$ zL`>svX!+bOV1CBe13qeKkl9}}9|9D+C>r{djOa^~I09TcQPi*I|F#I-I}WcCg?<&` z7^kO#+VoZ2YrIt$Ndg?#0*1mosA&+U#?rG2XutpiNBUGUKPDrw@K06v;bU%h@|%s; zQri12ZEy+?Jmfk?v5N}ouE)s$D&;gE7}Q#fUp>Nt+z>M!?oA(8py1M4>YnVH*ld9Pp(oxz+9=f+Ak}8g6-O z9F(Jgnd~muzB}t}sacmL=e||rI@s>3ni1JP=_mp)NDPJUOves+&NlO;_CP|7Zu4+o zVbQo9fm8Ml=7)tyQ<-nX?-xdWlZI=Pg5ll?F_6@7P2Du3(s<|FR0_zOpL1ANpsg0i z?q=XZtyaL_obdN>J=J`#qw~}EqFz}T(K8F-==MhIy2*eC`ubzI9#8FCV3N67;>8Gs zbs0=$F$D?`K4EqmT%$XfOyXB(d+g~%<(_d>XFr6B3zmC#x*Cg=-?&!Sf7LmYN~$TZ zX{pf?&waIwc(tW9senB)7DI1CN4~V&@9E_Ow_$5Pqu1+?CWA-wJ~1*n=9uswpn>_B z?4&&5ld%Wx;qKr%E!M}^P|ihWsghDdl|qJ%E5FL8@1c=l@81XCj~EK}p@>B*jy-7I zrz?JS%?Kr5eEDO+E`zV1->7xWVAOC7^ZObx~ zoAveZ{Jux}1%5^m?7Lpg(n-~emxS;9;&(qfEj4Ie@Ej;Vfo-V9BPu_^#HaOWQ(xad z2;GI9*$CD5_ltH{J$1GR!?9cQ3A*6c+XR-&*61?c#mtvm?*2o&t=_VlV9{yJI?+*$ zCgcG`LVfz-&DFf>CZ7!+U)RgRwUL(W1hI>83L>fsIs&wj^ujt_d%QUxNv5OW#Zr(mTvV8;bY^p%P3dVhV?g-K>uWN~#&m6<;Jw{;^9^zx3}?Y9oa zb!6%^<+Sag2wO>ZXnt2F5)7FKG*L~pjU%#WFPJ7q-R^>8C54l=J{}i>(dHv_eh!6R zggO~dgylq>LknX_I4vLh+dvs)>mwr3T_bX&@wp1Eh|xs_O5!+07%zO@HA-ViB#b$G zwGONekZgixNOZ(_r5@><0W@egzfd(!j@PVoEGE|47*l)$YpL~$rBQfhcW(p?InNnB zQoQ%(lD9T24n$U)ecx80Dhfsjviw@t6%bRPI2zOA_uF~nU-;2ri~)Svjr%Mn2T{J_ z0W&M48)e_U_?%uwDHD_kO+wMQgubU5ZZq{*axee17opk2sP0^k%sd}#`ju0#OuzA9 z>E)~Js3AJCWirVR7-K!Ig3Re)l@JZB;syX0BWje9icQthN`&wD|D9F42Q@S=zogg% z;nqIH$CG!C%jGYoJ8no3k82z^#l3^f51rDXmvN4PF?9?g&Zz=7=>3P7wKlU*r`jKy zfRn}OS=gTN6)r&!{bQkNtji!7whfq^5^fSwU&drhvC@iyM*1+gwQYVokH*)ZL-;In zT(+kAGq14a8-%!waNyNiV)}`vp}fAvvwzD-#FuS^M-P(p;rh1Z2Ol zlmKp`n8e9^;$9zeK5Y0n<@r{1y`~hFiDi&+q3q1tiE0MBGao8iTpM_CiH`4_N-)}T z#>~jKQ~+Z=1*4IW4JFHe9tCxp_2FIyusHlG)x1}D)^dW?eF3x;Jj5KoVyXY~L9Xk$ z8DBHOuLE^Ku@W*BD{J5_8U?cOq0aJ^fq-Qkl2`hk`_SSxpdQ{VCh@Pctp4*XUt&t( zqE2QPuViWnM$gXzrrg65E#16Z(2$+jNTN{Dtpb5x}zBmFVq|HMIuvt*XcTA zp;{nnqy(YmiP6Af0up8MTEy>RQ6Y17zc=hBBk~s&ZY%y?feHUl`2^h=?HAF#ICmLf&bsa7aF^t5jMMn`HFby-mUp`gA&Fqs{ z-s*hi_|Ar|*4}UL;Y5;w)i5D9jaz6=@<=D++djbl?@Ei8Dei;)EzhVi(@7x@Xm2wT z*8Bm8YQUsX*3{=XF0{*Joxk70-LYG zlb8})CvKixdMxN*-INXFUjXLvAXI0dH}D)0XJqz&7tF}({<>(L(77oICa~62XOwN| zCfCc`03DC>7VG|hXwu^!L5omc{Ned~QHDiWGbc&lj8z0?4xZc;0MalXmhrW}D`~&z zye{GS>B>KEKN5Gx*J`P{^YgW>>*R@Zmr43gL(HC_oc&mTU#e$BU}yR}LiUCn+W3H% zgO2>N%~xs^XXd%gZ`l>2M?IMsg~xr`stu!}{%H-O> zIz=He1ilXF{c?fEfK5&B)Ev^y&8eX>@tfe%XluVck~K?FG>zz7zRrX2*2+Lkwyh=9 za;o3j$zEFYe;TRA`;PeCsOaP#VfulqF6T`e(O+>tdAu*$rm>3~2~^quYFxzsxQ&b&z1n|COy#z+raE7&783SwNL!OzVsPt#7{><*QB}N!1YL3mW zG$R2K>cs!-lZ#pF9*&u(Ftm?cfKL_+y0t&FUKqz{j~>yJo0kFdSt-Jtb$bf;4wu4M zccpXuT~3IV7IBzmIh_dwQTD>-kSxoeGfIIBfEY$p^8AGqsTcxVAn|{y=`rv{;F^HB z@yq)11IxFz?GvTOk~)KkCA&AnQ_01 zo?1_jWpCHOCsP**Fj>Ym(b)tFuL7-^5mt-Qh~RMtpW)6{E}3Qq-2HRh~flnr=z|sBkV?%0;`J z=4m|`p&>j7@C@+tAb};Ou{G;#a&JXuTQdzGc`mTn$9(LKm{0-exgWAl{T$9Kvtq%~ zQO6sIFgX0-$y_*r=SI#hpBMLRVX9!Lp!LE!bqmvM!vg;Bj<%{{_06hhJ^&I{8lk_GhuFN^Qv2air`H65s6#Dv})v zo^}URK+K^yZwI4@avs`EqPj%&%aimJ;=b?&R2XikI0xF+d8t#eiBIN~QP#><-U4E& zScu{Du|^2{d57&lNug@VpWYWqZgIU-P=#Wc^TIff%NdrY<#c9;3p%_j5i=&beWLWK zFeN5`atA;Cj?U^Sw(tk4M_Dxc8^1%HoP1k$xuIJ@f4`Tu?A|K!nnB2uNvts=5`+bL z+Zy&v=2aM4A^T3jyv1_$PQe|0walwqr=kKT8aK!+mT4J325A!*E)n>G7Wj9>c@fzp zMMvP!Lx_%w-SU#VP&D*UA6if{X7ByB8KB z-h(E=&`BJym}{(yF~eOcsvWw?S1Xu0g{ZL(1YQ!(T5#106?l27*I_ux<%I5bNLSPjlu03Cy9lxa z@+_pT@OL-rqYO zj2kG2Sa|ZpKe6fhT-W3a2sl8}_2M6srZpo6+Hj5eQ4BQ)D|>!k>4LA*Ushw?m-K{| z+bVDoi3yu#*4Sb~5N2eP=Oj|l?G4(L zSZtITP8aT%sfHFHsA;5-XOjbPf{$&twsUw7YoA}wqjI@<7^_%~p}{+OP6!6qZn>`5 zrDOMvoR2Th)?M-spq3w$EXJ8e&PFS3?Mg$t4>_HwAd#=h#g3BUOHeUODw0c8|1G| zkmn;!g+g$*AZWyfx*2f^X6*vr8{Jml1|%e~*^&(yI^zrK)amEPsB;jAYMW zPj=Oc_zT+e1<$<$eC#qNAPX=KZTy%_R8R0loir zO)7tGu@5iW&x)p!Zh}w14%BiM05qAH)EVT<7633?c5&0lbIEz}WtzI)&7Z@bc87M?Sbz`5VEzApW8eA&nG0>+POpj(_M?u-3VfRJhK6ToxP-CO$-&i@g z1MsI$Q2z$%OTwRt?OA6T^Eyf}7@kaV(ScL`ch@Ru7Scei#d=#N9Yi#YI@}WjuRmnr zXjmx_0sOij7-JM$RjdPUQ;T_uWDXD0@Tox&E9fx)*$@sj!N7)%s_SVbisz2tk1n_x zL)4jqs%=nbknY9P6yQJt1RJ%ZkXT?=1@e_MZOWP&Nyx`(`CF+t>Vlw#x*}sz7dVU> zw&;qV_xCqDsAZe)g+1eZw&GC6oZo6bIQn>lEAAl0TFKg1 zp3#)V;!ZD1;E#ES;fUG-PNXL9sAy#;?v2p9CRjELg`vOiuU{R@JBVVvkLN! z@O3?UrKy^Td#iE?LW3Yj0IHMc%}TqHi9uS~la5Hv7%}hj)kR|z3$pv;Dq3M7_rTxWUe&zf?}p3gm)-_){c#>vU^N+LZGmV?!ya`)ZY+(nhf~E^28+<_ zQIz7K2>n-}qbq;L%0G_&S$&A~sh&PMv~;o2_c1Fyf1(d6?rwgt^2c6>n`GNI$5>L* zH(e5>8L!MfRv=sBJoQVZb*EgecFYZD~P&y*>`tcO~zbEW7XDsdXdm>lDEQ zY~3%6@y#PZlc6(})R+5sjZPIB+K`hN%7(P&4{_iBB5_m;vtn}YpHS6Wq+=^UeZ>C* zFIzFdTn8U8hgBzws_tJtT=1g_%Q2^H@5Ch#TfUnxI1)01ev`q?yglCQpBYd}s_I`f ztJ4nw@Sy(#VZzzAnkl2hVsxv(IA?Kf803ivRW7W{Z07!~@1gOlcWJ`2tJcA^G0^a% zpv8?EAI9*wttOhTPi1b15G{!^*iueI;E3sFlEL!Q{%j40_*c(spDf@aw;-q{*klVZ zVb6nawZGaw(#5BBHZ$f0jUn+SLbtzqRo;$=gUYbGd#riJ_Ee3+rYvm(A1mfBicB&8 zpU)XhNdf4LpLrj_jNbaXBBGeHw^356=~}=~utuEOr)K4x8F#}O* zc2wWVbt=_{(Q+ysI_FIO{9kgvBG|S*yu%pK819(!kLR=%-QsL$&P#ZLEf;Om>7%GN)Q*kP#c%X23XYdLJYYm3mAb{U5B z18{B$OuBJpz#gUrz@ATZ4JiH^)@72eeJjRZ(7$?}3j>~w1OEak`ZJ3fW5?DOYMRWG zBDdudt7fZV$`Nm?92{n}HH~#uM`PryMIAV}kYISab}Tbr{^PF)X_pjjbk!GLlWQjP zTmwFc;5og@i*;;pAQ-Rq#7wuI3BO+d*4i39+#QGwt5FHFc&=eVIhG!LKRW_?jbaY_ z-^!KsY+i7e_T&ZGEDYZ_k6-fM#OsTV0QD6(>!e+Dy=S%}`?kyg|No8!^q%7y6T!ls zT&WKBt7|}3d}Fz*(!YoNYqD9auDsGJa3?hQwSd5uY{#{W9aHo1phb5PPJcwEv_%zK zbdw8#3-t8Iwz|+y0qLIjf6nmjXITs8+F<+id;ySexc13I!vZ7# z&}{g%V5@Cxwh0c2);Nltuv%oq1^kF(&;8UKr49p$n!0GDJjhy_poDJr{8P;8a}L*^ z8YWQSkJh6~qnd`*=%D45t{)h+UL7$Ez@8rrBNbi!5A&y{7b#sCI%y`=O^Rf=XXO7T zykk3?J{`pN1wjO4npxv&;q8!y5my7TB=^@Q>z$?_HX?rFF^laJsuY&W$j6r+dapM( z#g5oo9O47vf!4SU(xJYut8;{R7pEWEdc}7nlNdWjb$2P>{1{ZAsMa@xiR|<1n2iEJtoNlDmnEk|T7BO)~k7*=Pyu z-pj+zIb_N?ifzQ%r&;$>ihLQUK~(LeIaN~P9mfC7*1c^^L4gzv zoCu-BEI$u_mN(+jRx2Li8cY#Emn&olMpSO@b zMd}9pYbP2Hc3(=Oi-zsB)`xJ(hwXrP(^oWoDf)J}^pwHZc(FP((<+B6?Y|bv_{)q4| zYV?K!;eiLmW(hT1OMnWCPPKhDlz1CN^KOfGz;K}bviRb!dz4^;0|f^P8HHymEHg^e z^s@9-1Mi$`d>Nx&#X*ipW}kg16^h3D{7nu8_J%!4|9MVv*Es`Z*LJ18cWdTll3O~( z9JfNMAN#pag?fwhK=tJg63X=bv7Jo5``UrBN7ie9?OSQ{6C^!sMu<2L1PCf*M<(PT z83Y^Im^8K+2^US%J$|}!l>;?TOTG0s8cshT!$>O}?lgApa1chnV#knTUo4REK4~Tk zAK6Np-XX}$A=EF=@7->_pbR%KpKMB`zc)W>=vj2*;Gc$@Q2CU zj?IC03q9HEOYjMizT;0E@1DIn*56$A+3_NYQX7Es3XW|)t;KQfWYP$@_I#p-eH##A2Y}#%pLYGShmLKkyQd3a<8=Itxj0 zV}>-#R+Kh5ShLp|Djd5HD>;LE`Zt78uM3G$Bd*Y;zN`)tx?k_X3$|YQH>IWJp2hmT z;vC#m+yFloM`}+FGwW9(D8EYp6A&-miZr71+X=HK2q*hX*GvEdcO zzjrUC$A(z}lV75>_P~gN6R1 z5u%ZaL!S0aQHVhg2%<7o{<;HWes;XYAO$6?I4l3)taPc0*A)jw67QfZ%hjA?9+wuo z3FpfRP#IW$D!J-&F z1xP=hCFb`2oBf6b~P9Jsmm8tXMbpK?=`w9|JCbpq|c_j7KVgkq%XMthu z)#QJ>P9I_GDr(cw`S#UReW1db@2|MiM94~MAwth%F0Jr6;8|XF-ZH#rp&*S16B{)# zSOE(%^v&K!>WHMnAS+e$gm-D$b~5dEf_E{hjdPTcgWJP{S|J1lMVuS8__Q`+_w)mt zHcn^=F$j45ggOhjCZ=@+W?Z-=m83xV2Q#SIY>}S_=`joHl@iTK`*TkT4VHSIA3I=z6 z&L8OWaep3MJAX)-f+4k|{d|DOsgwapzlMkXp{=y3yL2Pz$$KB)i(y|AJ_ry^7a7bw za>%T|J#W#c)BGvj&Nqk@^ zzp&goE#i=myo`KcEdSxIW2Aq@ES~GR04EBgU~WlUoohwxUU7;Mfc;TQrSQwq=!Fms zN`kddH05wFaxM@Nrt}}`5tkzgIx*PGDkv$0ZDOM=4^}Jy%fi81$vcra%4%F%SEt1d zkH)Bgk+4A;AB|^NvW)tt9{U${b29fQsU%7+wIlamZvM&H1Q3hJ7b$`|^?XzqP=fs>67vjdRbdapjYW@ z#|=-~IPJg~d<+$V!^b=QaEs&D!nQrCutgElg3}?X%CMcA-Ox05XGsVoSuZECHM@V4 zv`v8E%XbKE@SqY<)aseh#fbV=(6@LXVKDX>$yjQK&9Biyrg9=U2n_l&MB#fP25MIllbWn}&hxsSMBb%LD&q#}D2w?8a#7+RF&s>_a`{e4G@EG$hPdTy#>U`fR z=yoYdZ2QvZoZ&{Qx`pXbifFny5Vhtl$n!VI-c=j&lW-qKwLfPdZnQmEVqwz8p2QkX zN>PglC_1dR@7ps=_QE2;2cv_bRlW3wR-)VHg5>dY2d=RNH_kqykB4uMF!E@6-pJ8> zi>#}F)@GKHWhVOCt@clvcoc-ni;aN9evVK>?XJtJD)4JO#a@4u0lz3%#9SISxB=JB z3l;j@cHX+<3IF5J1>_7>lmvkS4V=V7KUyS;-M<47;mM|{53kD*Fl5*76kGkX#+xKp zK&UXoMm)*ID4(R38~KTkB{COh!KnZr$n)jr(@27?S=?&B6eM7 z|EI)V=V}ycmiN=Dpv@u}{ebdYC(P^NEY41E0ia@uFAh`P3in=oUfAnQb2NQlV)6H3 z@v6YBX;FZf#YcN%yFS`-hTy8xu~r{P5p@}68;?QnPy3t~4t<&7Pz3e($nbh0Ns z*(+ZjL&-n;&3?8B{E(vW|dxXZYhaPH0X6YF}tE(Lp=;5yI9X7atyH2BR| z#WIW@*2l^rRlIv^^wCnCnkLNB*D|{FS%4>Qo@9)CfuM5y0f96TKoy2FvxD?sv%$8I z?1Bl)CbLeH6`C{;w7m^GozB@JP!WJ3qYstH+9Z5OU5<%qpf0dRsPxm- z!!l_o*NxDIcs@%1v?hpzYb0d_37Nt=gBBvXZjo+v%=1fwq}eDzFb0F|FfssT?K;pKD8i9^_Sy#AH%&#@2+@O$XFX zQPqdyg}#f(JM^MRhZ$+`ltYOY$}l)xR03>CO`5c_udYmF8}~y&&;1L|-(6YcZy^|o z*qyww4&x#s1RpJfp9t2N}bWii;!z)vtne*cVnm~Eb0pNQmMO;8Cs~}(%(6y)oSANHlFaZ}A( zCAxQUusu9S%G#|%Y!qZ5LSGO+3MnY%=GXoq`e+@R_bzO;q@nEr5<7$QgfjTt-XJV9&dSE)F(F+tz8VJYoGG7%Cx;cd$a*kKZ7VIJ*i-vk0s!X(a4@-@3~(BN1V6iA>o(~eYXI? z^*os{KK(qJ&%e0!(FIVnXaQZ06-%86%!<)>G=PT`bEv&=76bixA4j}5kCmz1iE##^ z7G{_~r_Ge%uaDSvtE_97eDaN*&9{zN_0(woHJY@Y5uN8EyKrrr6`p4B8jWc7PEpP% zo7C-KmD}D1m@PRJzyN`eXI6>EwW4UeXiU797DEnxci|ea(@_0g0GPN5p9a&;6eOq5|OLO zI~C$KsmBicy7-h#L*58vo-DE zr|qUR)b|p7iY!S(D5!R&LrF`|;h^+9c{Y4JeS_-rd5q=w3qSq8qKHOP8lSW%^)%@= zr;e(125{BR4}IZobrjVWs??bs_X4_oF-i&Wp9R{_ud^?O?-LN3`;S*8t(1j1@V{+L z!?CAwc!e!w5KE?hbIGKlwmGxc>$Oaw4z~TSI74>U1BnMz`R(5+S5KWp?EsBsaGE8f4Yu4?iOiBa$HdXZE9m;VNeo z!c%Wnd{7+Oj_i_UUl{64Zb_$;aFGr5Un)IFjx|bG;nTK^P;)B}q$lMk22@28226p# zLmpWQfeN3yVGz{L_~@A;+V+mXnduxT(ZX6hPlrV^AC`X@Ah%^Op_6nmR!r{dc#VNT zw-||_s*Ul!BLpi_AXibxhs;Q$?HNdtUtl%*j{@T_812+K8~6G~mRYd3wBsU8SM_6U1$C?m*m?LJ6A&3w%tXP}AUUm>wK5$sUb z6Q6Ta#oq~V0)OpqAng*be5@EW3;-w~LX*K!AL3vSi99r!Xa+VeM8AOfE_q*#`1G4M zlX1G(R!QI+`AH_hf7N=o>E4C`To2$Z{v7HS*Gn)vP?FmF$czl^>IIZTAOdKo!%ZXs zO~yOiumHNaeIS|$2b)1i8l?A;+TFAr>GTW>+WS|0)YizXvxi6kjc#Ut#8spq(^_$f zXvkEED5agsA|5A1Qb#d@WzS>55clPjHDpNZd*gIdIm(72R-9Y(V&x!)a8)ZcG=~?H z5_b&}QuxW<=ANHu?;eHF?~)PT1SBNVHo(D{W0|QZ5Hg@3Qc)ZVI0AQkE7AldtixTp zVazeO%`E=E_`HVL`~;R?MtabSmI@Z1)sd0^jB&RZG=1XagSg5K5-hzVHvAYdx`1Y- zN%NQFP(+k3E~5ckkRI29#?Q9W2P4IX6!EsD$VXwtP)6Yy01Bgo`4Sq*lF5_{9<|B! ze)x>fD1|cX{s=_abZGArx&~eEG%fT%q%Nv~EX6AIU2f_;x%F@?(Ocp`vB>O849v%b z{jN588Xp->HBq1&GxliSF;*&ksI`U2^ej$9VDN)|E>~Zh9j#}DmeVw^n$NiFRS=!E zTZ?Z9x|?2d6qxqMgEiR$r6tVGrONE+qOUH?tx1}n2Bz_eCdNC?T_o@MjV`L>_a9J$ zN3yefoN=M_I>NREHdS5AyeMmOouPndHcMKwcfH}ZL<;XxBC>Ndtz2}4b{cegg&FD4 zQIZ%hZ_XI}M49amhg!6ymQC8V>vj&?Y<^NI*XaQFfIS0Kz;pl*GVFA-^omX_$rCTd zi;`jYl5q5^Q-L^%Qi3~>>oR4axCy8AC1Pz7-SM^)t%kxp%6;UT+qw>PIWtm>Z%@xS zoe#GNM`K?^0#j|t6h@^Xdgb;tj#=EJu<=*&2g;NZz|lI-F0!wTd4}(eC_i;3^9pcdx(-R}GAim3~E3EpI zZVP^z%&+&eYMOW%O&AE7QXi1lG!B|0!Lz7MEC2ycwsaL) z&6LKlLDLd6MoSuL&aY6yV*JL$bCs( zZ#^zUmy^L7cG1<5YBi^A{^ zojkSvi_|Ew&J=&N*kfq$kfP9I)pxr>-I^XR!6SBX@E_Y>Av?CN-bUO+z4%W%WOi5r zUL|JGg2w^}MvPrvxZs8G-03|I>qFw86K@BV{O|4u+8oK8TXLx0+U@5ClNQoO*%m32>WdspB98ujyPA|wHqcK9(!{t(hS zq7;dnXKQJ8WAxdG6GlI_Ea}+cp^ibA1T_;i7VH5XZ`7oSLIdB9z=c$!J+fL%qEqc% zZ|;ACgOHLb{0Cwk7$L4@Nq-m=c51H-E)TR9wSv9oAnscsj7vvs{CYto(iw zJA`yiQz}7fjWP90?LaokZ{WP{sHi{xc6N%VX~hkK>y)G-ixFT|Wd)EXl}h|`b?PC1 zA4-&}S}eT)#1ArU$EPT0*ZG_j4&xPE6q$;cE-y26<{-$`)?j$80Q>%ABgq{9<*Hst zXo1$!p1>b@47OSnzb7H!MRJvd%Bz-vN-j$=6un2e8_a4w>14OiL?j2d&q;*mN$Jw< zI0LHz!4JYQDTOu}2QjNdjZ=fK<}aa4`H!9l*V3#&L4tas=wVB~~B%z&a z*ob2H%QU8}inF+?Efth+_i#X-8K$E43#0+(hQ*4pWjGEJ0#=v#s|yW8=L#=?@$sPK zgo4kq9UC$f!A_I|*-mOk+S_uyQWTDGSlv$LAU}VH5fII1FNiCajgP9`+x+MNbGk>~n(O_knn7HV z!r0Y6PG6I1R7eX@I26)LDE>Gm9yt+ezh4r}*{IJ(aL5GM`^c2i03#%jC?Yjfjt^1u zfVOQXIM?A_&KpnZv=ubq9adpHjTpE5eXQHDK(Eo}X@=w>e$@F*Q9>~;&rB&JtLAlV zy?E+?Dy~DSj|jEz`vRyNNx~Q#WbfIx1YB<1i@|jrJhw12It{~1M*-r%ht9ROw*wY~ z#L)R>kz()9oWVt-{DyxlQCFiBhL?#)58~-?EEAgvB`~L=cGaVbvw>JpLpFspLw_e% zVgb-F-eGL$E5hA=uR@Iuz)J4^A1Q_p=)TT8Nqf06B4PqeioFeh=}&sOjN734f;AMw zYwzv~-br28wX)3Z?{ZCdBf)T&mbB%AiG{fccySv%7wcbYQAf$QI8#l840EaN#33~4 z04zk$biYU3jwnW%d-C9uCVr+jNXt*pG<9_yE+KHR2C8mVj{i&^DFo6EHOHc7*zf>MY~Ge8*}6% zX#I1P+fDF#uyOAaL5CgBY0z6GUcaM34nJUr1X*7HptSF}s*73S0g_YZ<+wuCR%G6C4857W7wT4eQI-(v{{?#Es- z_F+u%r6!hi$IORm0>H8+-}o%n@bP6{#URt+ppYs2>gg%8dySdMFfnnD>XB1DW7US8-rdqI9*uK@u9z)Eq=+6v zr6nU83bohZb$<|eOxzRUr<4W-L>BRrXCgKwR|geMph2Ys1sIAtJ@{@k1JNC+u}rdBMF~#LA6*(BHnrZ z8JB+POYiZt7(%a{iAqfR4(`SylBqt!#;w$rZkoQMzpAYj6BdOM@ILru3<%_r zJWcjp;zF~H_>9YUD^VE|SPGaZT41D^S-xId(#`Gc8``GUo*)B0O#B%?LLNy~lXlA2 z0a#|blR&|;IG7xjh^aba$=M;5QFrfzkKu8rEQP5|l5UJCqK)DyrS(4qu0iZHGKaDF zX6x}%hVlv{MQ?Ak$`E9%w#`Ys?RQ0%nsHIMo=f^8FJO!aL+?QI=|I-O6)g&h_aqjO zS7EkfDSRii*ukw`Vhw$lG^>`fdrPF@4?U5hs8k?Chf>V?hNGDJHTmR%A* z_dR$byJ`m}deoE;Xe@7!D_>;~#_yOWmn}aW`%pvlx}t^Er3jVi^y1Xo|A}8m@e6s% zDoJ++n=)=f0#L8cbQo8?gn6aBvVt%kE3(W111i>oJjND|v@&Z%(w>sl?|=x3u+kB- zav^tPA-7-UAI{j?n+X324-pztIf%-askk?{iYdnDhb(mYwPyRUqY>m^n#Vk%QQ8+l zjZZD~#GGs#fJQBTd;nFFaXHdTEl-UBFfBrloWgOX2De_)Zs7ycJ@NkssDDVeBRo94 zH5j)Qgv4tv;F_ph zk!;8SNue|gU#ZPq^so67l!Lt8kmhD_T@~WbN+GDYG+9rz1{#wBwIgRf@;UW!R$~wB zIBV>+-~A`}SDJCJKCNZ#5&l6PA+5?TOIj+aNqi`{06f!%YQ7Fu>L>Ly)ox=N~d5Ivlvlx7SdN=8MU))$@Lak>BqTcNqk{Ldp^?^d5V!@`1B7 zG0o3^jdjs~7rZxk#FLQ1!T#OCt=;! zw93m8=^%st#pq70DSTA8Y=hS)M*IhUD#1*>nh?Q z*cESsFtjf3$XOU@8uhY2=v zFRiA&G?U|z#y&fdt9**naqme>n97uyYy&XnOdE#LoI*NeS@#ykH|OaH(du1~C(RB8 z9q)b??tJ7d6Fft)BI%ChDiz3Mp?|(vc^+eu9-u9&_l*Z_E8}JW41jZY0=5zeQ!E?! zzZIuI2r7DvbFf7W&W5BEY|KSh5A^&D&=|7*3Ai8u|8;`-Eve%@2)$sfvUC{C{?#s4 z_erMN^=mY~I4^t-e?SD{Ow1ZbwDUU5Bzr!;91d>W3@uI4ap{Ec&CVx{VM{7D@(Y(5 z{p}mtF5ZeQIXbXHTsA99b)8RSl?a`m?-`&4be`qH}4 zssH>r@>lBIFNRrTc?{JbL?2z)ZMa#^;H$d1D42{z?q^*OBMAp#io#cEDL2LebRY9U zaQp+OJb)51G9ox*e+*$nD^nz46TRnGY4vW|hl^j9a#W811R^QNTB|AF4u#`a{P~7$ z#!&FB@E9yvm?7rlqN3EM$n1a4{I%6IX+F=nwj2bkhO-N zi?U<6bNG2}EO`|Ag2I`NdbbK6u4hobg2W3@#MthX(Q)w;H^HIaqvB}l#@Wf{g@q-% zGhuK*F-Z?K!FTaL&_NPXy)-BCCg}ZonGY{SEO-EMx12-@P#<6_k0UkwG872e-)(ku z45lrymjNl_M08JlE1)wy-|4Zc-bO9`SSbxY8*97&T=ihpgN&uZASuI7OozBmi&P8& z?n-dt;L3dovCoISrl*&Wi^U{;@xekjW#n8uL#?d0P^<2vvI5!-OaZ@Tl6lQDacjN8 znj6)nl3ZF|8v*EK{#Yv-HcDEmsVc~|wyHtIJkTTR+S=iuIQmY`^oIXL`|IjGX@`l> zp?;t}xv6}qem=;>J|WW4N}k8$gN{&)(YlZWb#~^-5PvlchV{r#k2Ur~2Timfz-~tp zl7kJ|zyVL?kcHIh@MR;zHe^tVn@$FDcCrtn`e_xDcAGxfw&`c-&a@mJ{cuICK|Te& zc>qMpab#-MHv5{O6??3GKrM&(t#MXR+zuOFjcm&?jaQXXONVAX*NSPl-}$zwTk4Rq zL6&DThBQqkkxE!Tyuaf_SV+Bow#FO5T^Xbg@Y3xUHu^aHG9mB)0!>vCnF$5C*n@N# zk{re9uqkJjbtws`c^tW&zRI#7*GhwP5J=_>muob$y^ef+I{$L?zEQ?cJbrHD8vOb{ zlzN=_(l`C8q8uMlhP%@BJQUHZacALQ1OOHsI?pw55StT>YYBG4S5szfBi@indK zVrsjDR=g>?CJf@1C3D{2H7VN%ng$PVi3E3RU&6HVbtEAcd{h@PjMNV42rdN|lU0Gw ztdP{iSyU z?K4QzrDw8Er{vU9peHwP{gVfj4j0OAzmcLZP`8^1-;!dHQ>Bw4$UU}!tRy9to6>=a zrG8CCR}KhCV#hcj#7YkIathU3vFekb>bK_&H|X7&+tF81DPwLy_2-lxwCJ4>9KrfneUDv^^i|* zhP9Zb2>s9BKf zrW7P-=gc=}z+ne%;G{qZnDn@r@5Y-)FgR8a#+2vRT#d*72Q6M9V&cRrGw+dbg;uLa zaw6xE;QhUsu5!Vkm^5ss9seY^dG^nCA&iDz4?%XRC0Wypkr)E){CwvI^cE_%T!n`0 z3*GrdcEG_z+N4sDj%r3ddi1UrEHT|A^^6Ug4_0$;WhKqP4!Q#ejyli)1;%F+f6z2H z+q|p2#fQ=W6-ht_D*vaP@+;+?5DGPNz2or52FaRp@+XK;)17RhiEcRGb*!dT6C-A< z&3wrS8Kk20C(q?1EhKGp11cuKn3TZ|*+|9ljmSXn11Weo&f@yRivifFaqhTM_=D_2 zS5oX9VF^^q{5E% z(oF41#;T2bGjYFxO?j_@?f5SuMGQ1QnA?jZtQL6cB}Rf{My}ThgpSsK;RJ=3X?Q@` z)$I=HEc>LF$Ee;{<&I$}Pj9VWHd5@gi^%zzTGsCt%Bl=*iJ~BEt{sq)Mm9YG?dLta z#=VLD$~;>j79&~btHy+UTfYqmnkw;d%(t_!1sh>xdVsc0!Wl53&Z1B3ncd1UHE|#J zzJ_is1bCs;cHCKKB8>eiYd)M+7v^G+I}_a$bvVs@Q;B0(HRhyBUT2RhYJ3G;$_xl% zr~|2qx*J3bt(Gq~saOM}vRBgOLahtBp#OVh=C0Gna^4@BUWyjYH}(O`sUpXOq*Pe$ zQvQXc?xQ{Su2dcQ}54O{QS__(D9& zSmU0LI$koT1prw#hJ>en{UE?4cN@N!W1r{;MS&m}%O`Sg(YH>=y-(9-kSQ1DUUbB} zKzNKfp{9=weAIIaqo^T-G@b`85(E%}@NWv_Q!I3#4o$5FdJxv<340E#OA06OT(Y-z-UAvD8-XfMn9E@JX#000CCG+5xN1{`BSEtJZK z-c9`@hU>s>!yn~<#!di|4O1U*!q~!<$)dSxLC$nNS-CS9r{XC|Eu-X8q`CyT?1Wus zm<0)jrF*?4%liQD9+zi)wGdChu)Xd+brmbZCO$sVa<^*MQC0*4AI1O=J)k*WA|UTl zFEDo>M`HFk%j!0yK|jKG^PnI`lxSWi`H0=PX7ufvsij=taj7CvZ6eHJQJY>OP6UeT z!LSSqO!PkC3V}GZ_^UJZj&DJQK@_!4x0*};u0#YRWDVc%kYZ8ig8OgBh=t9EH)Bv? zr-Xf31)QWiWSy2Q7}{J|j3RQ8x7TOPTR^QXAw1DxpUl={kqgm=7-F=DloP@nh`5qv z$42BYMCzamI)G;O>2DXB2mJXOiI${MB*b#k{-?^nu4fm+?Uu{{?>-E;0ec#zp&NRj zp={h0!q5n2b;N=bL?NcdzRAXHW7~J*Dxa<38SIEFIpqQYJ|2D#eZkHC7_Le6vFJ<+ zgfiMDeUK=#g>-pC#0oAW^WzC98ftQA;9jI8e~5LWac%zh8vrP@ug{Hr-2iDJtSGAv zh#N<>VvnByb5|P+kpG~>fZ9$f$Pc4YSb5*ftjK=psiv2so>W`bo$&i7Kmu`XF(aCP zCbL)yaNA>9SxohU0Ub1WQ$AMcEP1rb!1gUCH`;m%em~bx0?hfDXaMw+ubofYjqOgW zUmFGN_FBtM^Ga}z5AaJ%zAs&!DcqVC|>BaLkKZ&1T(x;0hglS z31!0kN1TtKW?3aut5|sZfpALEw;8+v0yp2MvH~N!YtD!0->B68a?ePlyJ67vY{-wf z%bnIu$6dZa!dT~r;`|iIBKH9zd~lk9Ok{u$sMUv$B$+RXQIb?mN}FWL$721tFtm0W zRw)wq24TzV68^q9IT?Jh$2@QV<2Ix!0lX@zlqu#gCt>r#jZsWDX!l|8h0Gz%4Yw~{ zEb6zjhFn0!3+4}TiNwSdwoMn8kG<6n@jgsZg{6>^jH$_+-@@2fBa@NC%Nt!1R7hGb znH(A`kB%Nn-oVErH}Jw_oi59;+C=>L<1CJWXAjbe|M6_aj;*cqCUH#soA=41kc;)8 z+`lZ$(}bYhIqAQulHcO!;zPzk4;JmtoU$&ytLlP*pyUB2wv_t@hdUoD4_^vr92-!D zZ4vjAQ@_@e$V+=OeS{f);()9`KbwHpwMRd)sn(AiD3k`r&N(wRAR{Rb=VMfZTUu8k zFw9OMqH*1xtca9F)juDn8DC5TGR5*QLBI7iS0yo*RVgV^bKXT#d&^mHWmq(tT?cKt zguz?QvcBF-A(?Gknnc1{=_oVA^F8ipYD~Rr#G0sjA(*l%u=spUOV}Z7(_JnqGdUQp zFy#H89r&Ju@h>PzgWeGh9gmC&a~8c*qL<_C=xdy*!v#^j&=g)?51dPd4;V;f zwx|Qckr-?7?T$Iu3=fJv3)VBl$`+dS8eZ?ZN6${m_f8>+Ram`N)a*Ca?w8*7Cv#Pr;*1NnT)r4GX_-y`PF$@%0@SxGJTAKFrp88DcKoNqOUl$joDhq<-Io zu(bIeN%?-m*exZf7n3E}jh9q4OMwTDB*^=89(>aIm;I;!DA!2Y7NJ>b9^w3g*gmg%QbV`RPAq{hAX^@r>2?+%RkuE_% zq~Y8-sNeVh_x{%heHfUTz4sgIUGLiasHG$?FBpuDrY9$(p{pTG&klXRi+3{%9gcR( z`TG4kq>&GDbD7xafhmgbSh%*1X=4i`9Y~~l&Lk4)G(dNuv6-FEzEGBqL}~|r*=R@3 zUx;F~7as?H>RsnT-n+y>2J#CdPbHE5lJ#pbfj;L?0+^1h&qq3VR@Eym?E~31DKEc{ zg=XZOJdrRt;5t0shvH5j9aOraC^w#OTrEVbdR;T*t$&YQxW$s|)2V_%# zncsE6%H!-1lc|8)i>}yo;N$U5LEyoh;{r z^tKH%W8$|6*`|iTwiV~RVQKpsj76SICQlO)spLF;=Fe75#~8C_xGS4`SPJJN`;RGZ zS?g)@#Rp+ON)R<&V&^|^G<=&GqkbxmEPQXje=4S>pSs>IfW8FD>Co+; z7V4SnhOgqYQMd^T0EhFkyj(?$SI;*2%(H+FZbs`lfM@Z$idr0UeBMcn4VWxll6yP z!37wbpAVs5Li3l;dqp;m;(*L$3zAwB)ALW<@z2~?%TV5+ z&TKzzq|ckFOi;wDV*~=sOR(WoWurt>niC6u)#FC{}@yAQr-RG*#QmY zxDq56{Woh}bFI;2^v3vNRk*>`XeRWC=8(Z_;*1U=9U<#mdD@@xf*h2683l7-X2LlvhlyRw~BoHYn1t?_?TXh z2jjCC)N9BikLO6cqoer`!1$rpH&~VUC1?MI=*kP*h!M@E^qa2#2KZm2K^LyB$Zr7T z^pPGI{XPCl{y{Y-l&5PydD#;4_2w}EPl+|CoE)rc>|-1~JR1In!s9Pvdr%CGXQZji zPg^{-GHL{-$$Mk{#|UFU;?( z*tVc~BEP9P70d8Kt8De$21H=c3ZpV{8MSt%Pl_~#gT-|yrKu6Z$uC!j- zo2k$x|0BY4RG2MkGQ@WzxK^VAT=AJ_vGlCm`W#bF^8v{dF*i(^l`=ya_ZwFkdaSC) zWE+Ft;C^HngAnOQ#W>x{;ZHJN+hO^ufc<~x;{rkq%HHxfB}hIO@~EDW@Jy7E&-Rtx z3s9h6EseeuJr8iedp-LnnD}lH;Xy!W9@dwL^5sh~)}ZGDsJ&lyg-tqvFY7Zpg59`Z z{2TngQT!K-MA%PZ4yk%H-jU)r7kO?lmt7&m2Z7O5s+_BYCj8xS--deX{40!R^2*+L z@k5*2?`vUnDRA&A&nXb{3X{0&--_aX|3$e1%Hj^&cmL-KA^7>YZprs1(_8N!8hQ1d zh+DHx56h3gL^-#rRmnY_#DzIMn+}D0D5Fu^H_xMfAyZMr#0Obj%8`U>-SXZa61M#Kyt;PPy8HzifP$t!c6(TF^m+yFeG=OLfvKphs3W%O zh5^=#c**<_lH%Cm#i^OTNC);*{uKe>ZO?>A-_iN{g#Zqso=K$j0%flA1N4Frg1|IB z!tGGKMf}MOjsS|vmbzPio@%N467BV}WapoA|00elDqf&Ss!N1}C1KwTV=xMeWy)(n zkeNFV26#;BB!KmXE zd9WT2ng~z@0J41O_!XLNAXot5Apr1AD(1651BiDDrx#R(S)MdEZT1Bh#m42&+UJg3q4n1P zumhomK#P@?slw}wGRH5hVE}X=0ouI_YmJeBQ8Y9y9a%rZc8MXQCQeT!(Z)vlNkEnZ z8xN7vi~%y}1;n-y*vYOCf(RQKuEr}+-`QtE7^9N>e^<_{`uk|6r_3m*5NLYN8>k6A zB!FcK7U4xE_2NqsD}x|OA|BYRm>@rB)M(5|=kTc4J#W*fqdCd}!}xiaZUEIZ9_=Pr zpl;EJSqC7DMa-$|OJ~Z*(m*iPf+y+VZ@p-2Y)?Pfpw4-)=O-7BnW*;xUavV(FyLnh z7XI7^$Z*F9yB?i&$ZK{=`aKVJP_=D^pg}q7U*2EQqyGjx^Awa;QgDPWSd!4~ekUIU zSw3aYc7$@!H8>AC#-r*$4;;)>!yUzr5^bJ;Au9ud47%xl;o{ar1z1gi`|X2iqNQ@| zkW1vI89%cIUinTj>lH*oP(_s%@ohKHcKh}JtgT!{e={)f9{AnXHy4Vy$S@#I3SJfl z>_2}|ideapB440VK;rhXeI*0(H8(-__?!FLl*Y*Ttc%EcrJEm0!gf}sw;Qo>XLwcd zBEyWFa-rfxPtGN0FNK<*#TLz z#g`@?*nTb81IjUj+%0<$AxVh0+N@H5nwvq>{n*&Ey7&2bAXfimEMFiY%Io@r-WCf0C$3iQ0jY8|X z@#-F>!%wH0&6-p$Yd>#%RBFnd<)>Bt!N{;hvO7c$|ASpIZ2c*KB}lfMj@qwQD13nu zU1cX!rhE;0rFm4g)#aF>|xq}9I#T12$ib&sM*Ro3_-`Y+$P4O_j=Dd6D52eSSb+S81& zLs0~_0ytpyVttR3r3?gHvncA8$KcP$onB!cj0!N;O;5v;Y7c9XD_8uBxj%lHx+r}C z7`A$oe`r|-OXH67C++sd+rU8(l%rf%js)Hpu<20V21{OO?|fb;xyyIYGOZKPb(+84 zP8As+6PV&Y+QPq2u1Qrm39z%*sJNa(MgufKzC}gPznJ6i?}JbVnDWZ+DzSdHB%vOh!gRF zzO4A7mXk>0LBJSDvw-quvrd3WW-ah9TF zxYB7=d!FQa=}Fg@Nf`~IqD}9JTmUMNnuG{JHYjke2Aw7>3-~W1jFr9rHy;^yC*Py7 z{zw8D$+^N=iFs#iiODsov7ll#lpwe$xBuh##x7X4DmMubmQkcDxnH{}sf(#Z1OVdx z>%0w`Uph4tZ2?(VSg$I)!jO0qn&LbQ@Z~uabPufW;lI3EV_Fx8ti<~->1O-OexODt z>^EBKF&-2py3>F?G-Z6q?NhwNk${y5O@g`0GI!oxMkY}PsN~%7d1S&!PS+DQp@9B{ zxcLV(QX_9`iEWr6y%2F3yp&>ykpWN<5JHt>TrV3K5maSKN|~YZ00o}vX6HGl>Jg>QMlr>S+KKl_A%Lp8a%l??e@;C52 z@?`Tu0{s5~{db(&noLK}p=2#^t>VVZli8Hrj2ko$hpdO-ZX^tYLh65dyXpiIet_Bz5lMW#foKxOrbgA$LsT|-8B5CD|M0tx}dnnCcSY@SrW;g++G z;wx+1JCfCa7Mmu~0VCA!qi_HQ=yXe;{*w>>M^oh2qYj6_rYxzVCGdlgVP!Meq0C5* z4b$yuHbB#+y@NLcf_Y3<<+B`UWe2;m3B$NT>bBBj3a+E8G`7SQ8|VPBgSS|LLR|hp zMlEwy*!iNZdw?O3-TxAmiFmE-DXlyZA&==v#>XpDthHJ}UP%i1S6%5918bify&{*o zlDeI`)B3!|>~Lnj-w6muXITfqmzxmLl-<mYaZH30Cl6UY%&tITXqX20%yY z++$O7(w%W@2^VB|+I5qWjH%?4mqxcg532mT2M{=;D9(fFo1O6=-lFuM|A<9bUJ#K; zH-sVpG~X#l^7(-fkTdA+z#NvS$~jrdCV_OIj0ferJk-%G2ed>`SP7LW zE5Puum`?_rf^RK?A=rVk%2TpkhE$sHhSj7hFfW0T7)BV}sf{HoKZs&XM7NsPA!q?A zZU460;V|G?kE_%_+BxtaR1mW`HwOU4tcOfkfB}n6$~x*oiACo~bR8PCo>!J{1tQ;? z_z5;Q6cbwL(S^eR7iZ5w3X3<9@!c~?E@6-MjrwF5To%cqqbLWzfra-Mq0j;qD$`Ls z-bf0EK}_x{0zR1UbjcL{e;Z0Rg#;=2f;d2x%$Hd$kLfuSeD_}n*+b07yoFm_!R8Q3 zZ37mwk#|6PXBhCPFziuQGdV74LC5W1d6ZgXO#QXe!K24sCSkQIOHeJ+!7JG!Z2bmy z{i?r?A_NNW=PxxJk#ir`5iVfO>#>&6sKWRBbom-|y*EN|E&P1GcmSkG~6I%<_{nbKvz5@ua` zrtiU<%-@swV4Xe8j4U4o1@Tb8H0PQq4WLk(vGWlVZ0Q;Oe+l?sd+>t1VV|}OF$Ek8 zFdBIWV1TUi>r#@E$cdNRCXfvz2_d#pPxz!7#IKpTY%F1pfk*@Q!haq`xg;`c4||t7zAiCjRDqcVF1+jFRxGAK?L_- zjsB1N#c zLS6qg!9Hhyb5vb24ayycu;fZhnWg?mvV0_|+Rd`os$~8%<*^q45rH7=LEA^Q3NVkH z_CCn)`1f@9{BtyMF+C%zjce97D99RKSOmE{W;1MRcX8|*bwLG^eNzTZC9J$WIE5^S zhYW$zh$QNfb?!o*+E2A?cd3MgY< zP|$*qk&S(meTNWLC$ip|u);CbtU38>%-^mC)%9r>OLysWqN6G8>I30 zKJp>nWZ3>tgY_wU5O^CSxl$j~h$0)HTns&2%iw+V~uY?+uQhOB-+B+E* zY?{Q*M?`pKj+>f9-IL8fG#NaIN{LmdB4hVepP&Q*a~BAo8kY>$z2ae+yYxXL>tX#0 z+I09%Y)!nSg63GpgKyxP%O46!^T=CPfatf;1kN}Y+%!`P}Q$RQF+QSc(wyZ)qh&x@^6dMMFGGzI2 z_t46xuWnn{yTdgn$tN#q_Tzpm2H`ePPFn%{*3Ck%1 z;J~U6HF3>Qk6eMOX*zMhSXZO09n?kMIoo|fRB3N~7axuOK;7h!EV*8EBD$jRcZ_vG zS6l(_sE*QT4}AV?88lvpN=BhLBRQ&V`eAVfcEkVirhkGxUfctdNkEnSkzt(?c`n3R zQB?tW#1vf`jAE1q3PAwCOa_A}fR=?6vlazwrIq0C$9EmVG`yHTx+A)Ufl|9@ZE__H z_bK?mYczeT7x;8C@Jb(qwNDg*USbkM7|N1f$3)bqJ{iUuF&WMCHzHtk-`f62kpV{J zK`f_T@^}cncm@w<{kuQqMF=H+J3*3> zmW-lqmu}a?f$NcXJ`D(SQ+A@eR$BN-XK@5%L*_TGB_eF)$czne4224~=EN09tvtu5 z3Rp5I`1ZGSQv7La&#NOmh9F7I;N_iB$Ozv#(z^EK&2^Kj)^L{wLPthzOZN7WNdq|mh4Q4uM)`Ybqvr7W86&< zENJpk(qEZGDIL1!w}TX!KSA3e4t)M!rJ1&?|LV;D3=)`n$)m|br#ENN+4P(dYG4fA z%a?Kq2R51N0HXDhP&xAhA#V0a$qZzD-J(^qn4ZJt7wK7EkXW5=_oe?S|`Dn~|4eSwrH!W6q{-|4f zm`kr((8?HYxCa;!Ku!QOiQW>!AyS_>zX@J(TxPXTq;bH=i&k)}*(?G!H{+@|$RcKY zSLk-*F$IXU2`Yzq4neha5ge7t$3rVy$E{AcAXc-l16sC)3h?(_(HJVY}1 zRzc(g)bZGlF+YZKl48uC6t6S02J@c|zxw0#*y-K4B2EFE^}t)$7TUd>S_1+%kq)g~snyIsVKumdht_RFfg**0~gq*f`+1 zh`1q|3jWxQW6qWg5Ed|dXtWTJD2ASr3bFUA{tu-llb-1Fniu{`_}fnnSE z-&iFoJC6L*6P{&)hZAitZnAf@?SB>sNznHu*T}&H479<1fyGx~86G92F&zBZ=LX3| z@C8D}K9ueTmW1IV076+59!hgcM#v#iEyB$z4AEiUg4$!+}# z&=etQtwxovDRfB^O?pRy|DuTV=#%d+B#DjVPwsX0ojD2^jUabH@IL*XR{3CnUfa)B zT11t{kGTEv3f|<0=b^TPt5i~etiOS0cNe7P?mh>UP#g;btabVIrwO>4&L1hxw)x%! zRm5g_@PeVa?(F6!RK}EKIat945f44Zm71ET5Zfq8tZN}qWy`P*`l$Nogwqm0KF*#I z;(zV*BAex|gJ5Lo9jCC8eD}lW`tal;8HtJbkR9|r?&rYU$|j_FbWrN`TZo`C@$?T3 zH_3>k?%EK8s%?516r9cFFKx+)yI_Egq#Tr39Or1W)Vj<6k;(>^{%lODr+@Z|%CC^l zlh0#F*M@kZc{wjiHi{jMhO}B^uG8}43B^ZSzs6iOewfFPIv6-S7v^nd##6yXlQKe^ z=F8ut5D*u+@p)h)<*N>c1?Th5E%PZdwE)w~8TA%yDZhrK_X^WU?^Lb_=e)31iI6A5 z2VhW+`24y3q z^@9g*S(kj4Zp?*#)mM3`Sn%tS;{ufUk;!S5v=FOc^kDs?1N^Y~NACh2|FvdeibnU` z%>`$3NN*~81%4(ZEK`_RSOD})n4k@c$C_D$h^Vyk6wWEiYob=PZ0b|RQTgPY?zp!j za5WM=94NX2w10an24B04{=_pN8j<`FrXb*AZ3mT3yw}lpV)>kD=zb4iB~KHc>vYybVj-#&~Lg9t=|!UZDmtvGYQEO`~i5 zQ=togcl9`a8=wrk8hGtJDwpK@@hu*)RCCJy{7tbBCVm%|y^Blo)*;NG>h+ECC!Ew< zrNo5i5~As_q%O-81MI%M;nC6f&0>~bqAqb|cF73Xn&?gS>@JWPC*k@Ye@&vz%tIfN zY_@x}c1JU_CqL(X6Z#~JSzf0-eW=Wat{HfqnXmjNtfuHY@l-M=qg?}`mV|v-mf?Gc zU1!Q5S7ll^>q0;ygWg{H-jm21H*o$nHJD4%!lP<}FzOJ}&>M^x$HtVg{rHJA`scDJ z#Dki8Q3h8W_yAY%4>ig6^%@AhZ!KJ;vR^GVeZ#l06IVUJ!h5WOB1MVu%|_Z3-pw`ROZb?7YVw#?DY#V9 zob`^m2?bY-@wUL7P^k&LZs$(Ss?+9=kD6we>x8IDidOX2SxPV4v2O3(ca{BIsnBOZ zji*4a+WWP=BSHU|!Bgr1wpWRIRTsGU29n&M6Bm7vGoc4hQ2gd0cCL^CXXtbUH$8diTR`;|^mUmDxVK7cJ&S&^AH0=fPgIWazV#ZcN5h1Ppsy~-=bOi2ZJ?*?^sJw%4$-(j z4ZX?)_TEcrfg8?Ttpx=s43tk-zwX*agQHy_JJYikeM#M5!75jNqT=(_o{gsPiD8y9qcPe-8Ez_c{c!GN&^ z3B7LtLT-XgBBHEeNPbsu?0wTs^d_t`zipgzo8#^?3Qv^ zXw?jwQXxGfVuGz>(!(m`LmoPxHmEG?A`)1TL_&C-sVq5IaX*6I`Rd8^WaK!0)C#p9Fq29`ZS3LP;ntkm`%sd}g(>J1dLFJTY7-3*eGmyECdF`7!?W5@G~J9`|3sGj#x7loSLt=u zmsc4B#SiY5I2@eb<*)l}T4%UVDiu=RaJa+vB#ENNg~DXAsFw{otBXmbs!N2uzGvVF zh_tE{D2d*GzNAC_@bZ(?)VkM$1b?Gmu=(ynw$hbUB{x|J9bPD7F}Ny-nXd-Y3JYo` z0qt8JdOhCmj4;4z*F4IRk(^P?4OjoGSHF;HJiBVe8@yIR#XajcdfuiQ9aZn%7Le*o z5NvfJS`t#V^mO7wMkg5*)K+D!qZ9aZ<*n8t(?7{>2r^}Wmjn+UViFfF&*|k9O0lW< zVzMc92D2c`(1zS8)yyttX7c&6x=NootTEVX`3?CD_eOw2uh;vJV^?!tV;-pAVyfx4 z00>poZwh4RJ>To3oe$_+kR@k1yP2PG$6wZ6AwiDiFx+j@zzoa73Q{?tc00d}U>kM3 z>z^>b{7b;*<$4!HTcNdCrq2P0D-8%z9Y$%&1S$pO9%9q?<2G{nX4+@k5t;mqKS`OPRxQWqJFQjM;N7 zDD9=W{;f_sy>R64cgFsCht+Jf7XQ0@%W={UIIu?Ykyn1kb4i!7XgrPhztHWuR7W`` zXZL>Ge>bTWgP=w2HvvRM%fvR&SvG7EZC^+YS8q$*p1_#h-z|CKat>71CeES+yH*WvuDDCbOnLU7FBl_j}^y})g!XN1cSVKvse51fO( zHcBFUs;t=k6p?P>y@w+Li(kgR!hBhp)5vi6j!P1Gd4zB~3Ti8|>{l9|*zX)!>T8dz z=!kXHOPS&f8e1-?50K(2s2Su~LGm)XZsRNDN+xwb9(1Csogg|G@;J2nUrG~|BAZ5t z@TB~N*O=uaG|{=J7vF1dR4(`ii{l-xRzvQc{Xp`}#^d{)_+Q{1xdpk7qXE0^{2cdQ z9;Ns8{qCp!m~6XV;cHZb>0Jy4GYPwOKa5Gpa~cIv3+ev7I3iA0RseOd?lZN?H^zV@pDh&}{K|N>w*blQysUe z=Sqi#gvAdf@j8t&WPFXIY^DB?S6_v781-y8gT-$%T+Jr=&~_8?dRrDScJT>eV%v6L zzimF3lfq`YyZotEBQ*ofUUm4jJ3+2<*b$Bo%JWqhejKdEC=d^Ba}0LFb%#8p}| zDvN6K7tRDc-}CehSj8d{mcQ&|yW7=M;YVw;Kl((WuhtvWJh*&yOtmy{ZSBsax>noM zr{#46RoIEoL}La&+P`i$)DsUeZtCIj^_P`9*->|`cpsrh2l42ASLE*M8R=|m{VCt_ zOS4AaW=U*Vkj6G8gc@=63!e;#xPq&@&lG(Oj`un^Y$QM24JcicEO$NCR-%(cp2k!u zIYdT{&Rnw0KS7?7eEZVj6n4}H=;#u7E!PKwOaJFd4yK!Wo@t19La>21t_Mk$3h)a-=N2Ap5NW@Zz@0e|I@aD; z|MFT2&n7;w@-+p|g}}nAH{z*kFWD;1iAOe$TE5mQq&?r^7QTNg@z&;nfGCIm>7GA< zTi$iiap@&&Vo7sl9`2WLyC(3&eB>w-j<2qY<`;q8<=3Q_PWa^UjWo3PpNNO{D>ue2 zM@DR>Qb<`^g(|fG=g78h)~Z$h+}?Y%SaXjWX*O$MyCR-d93VgWvk$mEHx_q7@Ht=0 z0=oiD0Tyr>gykMxM(=}%1*hs68ZB(WFFI`}Et0Sao{@NG$ym}n%ez%*oVTa08mSTV z6dxau;L57y5~yo7iuK=9f>CDUZSVUfvX!N9%FNINzQE0)+GuH|Q-9w7Q5>c>=eXU! z!DR@Jw4jbc{XGS-*u)q0s@`FdL7#Wpo`RbI+U$_~MPzxhYhAsOCjf)x3VLSbH~ixE z_Q9~zQ{W5{lVl)syCB(KvULJUE}y>_O}l*~;r>`@e27{aA7+>fEApGfQ-MpOG>yDj zrH#E~e)MfQW1P}^F-+45ejbI-dWE*t9^d-9{$MP`(Sb>_lbzP&c9w%>!~VAf9DJge zHzcHs_u^6;bZ_1_u3HG+ZJ&cvgEOzt$CJ7bg&hhpr{&MS_wS~rg{2-(H zjnllr_nEnEH7pdcVbTuog_4IQTEAb!dwV0_X6%>iR&-Z!2!E=d4?KSDxgIdEJqGSQ zoI+bJ4^C z+jw+o&L)@{?oj;*_-wiA?7EjNX0%DT%}Bjk{JLy9UH7LKUu^RwX&N4L?@+szDRtf) zr?_9`XFuEomL0C|v=p)Z%5;p#5;N*D^uF8WkE@MoEmBhZh;fN zA$FzULmvnL08OfPTe5G$AM&V{6bq<6w#xhcw%Q-37|v`N!KIm7@it?{?q9w|S|sc@ zHb_m*Ag&TlyuowRC1OLn-C}-oq~S6Mxf9&mhq1ig`WE@_QfyRr{RZB>_^M~(u1(|A z1Q`4Czl=W(awyX-_G}rJ<{J=S^f<5;Pz@O6X}Z~o;vkWY%LygVpYI{RgvN%bJXe^^ z#yUifisN^*;&-&o9;Fn?xw(xF1eERG=#G>;@Pc{krFuoYFEK%Ej$l;Y;uQ11XXf=iUXljRwanY44xYA_t4jNcu+vV*`=&tO1n{<(dOa!vONjM8AfTp`m7eZ?`Ytah5j!tq;mNkdv>6lKn8XNmh z?k{p#tP}X5h3u#6(Fa8BrAlVvy|3AfeBu)KrH!TY>kmuE9*CVV1_|CA9gCNPcM@(G zH*ILJw5DV|eQe}hRHg1TlQc^`e)ixj0I=_(q&Q3h{v1aq^0WiDNSHR=LLzlBwH)&( zqCUU7X@j<6`DQ)(UbB-%Zy>UUc2Kf5&LanTNU9Enp=-TNf%lV0zgrC(^ZtAX-@d2~ zhCiEN^&Td|t*s_gq(N7Qouh?>2@O4Z)BjvF?$cnyuThgM-I7P$0nC9al85e%#gD1) zm;fu^ffW;ANhQf7CEd4)nL#Z((@Fn?1EVxp#IDh32LDZK&~imY!%=j>{rSzR5$p?` zui1++>KK*qJ*vq}7ilk;SJ+b7v{DPatkeCGzmva=UkU~@vr`%LxR;aN~df8DF#Dz5c zNk}iF?_L|SSz3Ngigt>!o~OGuZ^3Dy>IJ7Z<41NfvMh|>^ZAn>+|i!~F0xH?aW^^K zi?FMsc+6sBxHO=fviHlXah*0W^qyDsO3mxJ9aid+%?4=&W;V@{6S{shfoHFIv`FUb zspzJdyl-N)?^*aQJ(1}~tHe)Y53Cexm}`utewfIw?Ef1)l%QZaY9+c2m!B*X3yfKHX1BZNIFH9yWQv9hc6l(Mul5Ur z?}m~;mZum+nBtA57COqdw-!Ret75+_9*FPTCrO_Vv_ZjEO;_B&CZl3&!N_cZ%S_i}W?SE87BnsBajDSj6!95_~(%Il{_z$Xlc z3SVn54?NyGnvW8$>C!JxGy%Suu08|~u`G_IR7mopMOlVxh;4?1mKHd!&3J0+w@ z&ul|ipRC{wAA2noJJY)+f}c>X&7sfg&Rw3?+8@w z(fGVMcOl$=+wrss|FP-Qc#Tmk^CyH;`vdOCQAy#O54gSjt?n^Y_nWGg*w|RG62~4r z7(dv5D3f96g!ZDk!s*zzSpxBtXGO`Rnag4^Hjb>~@#p6C&*-mW=N+_eqaK1?O#iVx1U_=q9W$OPyY`Y0KiGHN?%x$b#h`ZT9_SNnHpSE2rv( zy`yT72=~}+3M<|l7$cllH=+7k^Hka8N%>Zu+>mu<(P%W;HFLFB7%IP)$t-yOal+ z>U*BI(mcN1NeGVE7rt5`mYk{5GF>V4^vE-r@P#Lq91ptR_FO<4^vxPmeU}2JDB?jH zxP!Fj#fqM~Vfid?SL{%7Y)`xmZj-wI-O-maI*-z6-xo_>14$Im6l8BfUPEf|wIk2s zkugZ*h4ECAT{c|+J}-PV;~TXXhvQDl)?<8Fd4J*=wNgp@nM~8&=8mJ%SG8a9#f>U& z$8T*4kbgR(9XbtMjc6r)^F-fs=C?TS~91l#h*fG&&ai8&s5Uez?}dBuIkSp%=uQnlV4)^O+Fjd(G?M9hsMZyH8IH>OknjQXsTQk3{p2q$ykw%OoY|KuFH+m~9E zKM5o!GfargroiisEe%}#g!I8~bMZ>W{jkcE66*|{&^30Z0;PJkXWH35BQJlvxltsH zd${?FjL4{|oBX=7X|l%dso7;;YqoL9(&<}fqwmLq@%TuAScxC7xH9b!9Cc2K;WII; z?Wp$H;=HvbYH?D%5Sp806k*ETK3(x-F%Od`b9WiUdF6U)zBN8jKpik^l@ghgv^ZaX zp(GwRxF*(cc1_lq+bnYA`uV3@Nura4wE5E?d<(xUUEVr_&A4UdAUzMEyu#Nvr#o^& zmNRcYQ@viPs!Qco68C_UTt>$Ibo>t}w<$COj7 z_KeoejY?vF$ z=%dbq+(87MwjlQ^kPXPT3ma49k>;IGI+XVPS;NXU98sB!)0O$+=?INQIjahbpYyLQ zihGtcA3cq164xMp)BnrT7py(JO%Ry{jK>YAAu`(YAG_zD zu#X26UC-n89{Emr+~w>e{n1-(_LX>|Z+fwRvG#y@Q2d+W@_WH-%iEmMP376K*t7waXT&gdy-RT`}tT#viO@T3750@1ij*1nC)bVlZw(8pMZ zukB57Q*~sdZ}T?WiW%@&jxo)yWsC9Xq~{cp+AZUby)XXas~#>eeDsujb<#`nA`o-0 zGjq0ktSf1Vd(VuoAVh0<_`^>s9#4I&V|kurRi1}hBcDBVC=| zeB5G-@aRwVDbFqg&vB;L`edW%*cH=rSkrSd9Fyl&; zk?c*5vY(YESd^jvb>nD$Tf&)nhmZzS_6-G~K4INL@!2t#&N*Gh^eT#Xd3 zh1G1A78pn1F*EJQp~n-J;nrjmv;Xvc$M|jCDAe6$zaUESY+pV*teu6`oK^+@Ktseq z3G19#ZsNBnkJDvknu4FZMa*~x=$Y8J9gJx^_2DX zKlfQaI%ep%KQJdS#Zef|&qd~sM|+#J%{1ES1=NYncdRkIOhS}x5y#Ru-I2_ZSnWQN ze)&+Q^18MNewM>}Lf>=Z7@0GLP~sg|tYXacXLJao4iWRs^-qlGJC zFYKTPe@FR~LEv6*eWPyAWCr{nGSG|$gRpGRD#igkF9RPyE%{e1Ak zKlI$z#7t=rec{f_ zeKsk%=-pMvPfe_mo3ZPwtYn4v?z1>bc!@>yntG6=U-!jMVkgA;^jmHMvCek+j%M&F ze;uFbc4y{v+H`+H2iZWM-JZx`!4{Fv*urV_1~-rKdK9eS*RSD;QX0P{wsrhA{Ug%@ z!<>a8f?qcCeIboI)vsnRs|?verkxuu|1cc%Jpl7x+vBxZJ%)7;}5@qusFN?oT{vcH)+HM4jjGB%GDnD`lXp%p%=QYoT+e>;{64Rs@4tc7 zQBTF8JvQDJ!Xh8B4gGI9xjIv6PPuv;egd!F`ED*rn~%m0NTC4&TgU378>xeqg2Evw z3|y+DstgG+;<29Jb#`w?P_tZCM|tiyCC*ul9fn=+vyw-?@#3qNez!w6B9>_4eIWl) zH}I0A0T1_FnRerA)=u$Ii%iOcQY;G&jq&$Pd`a|&%=`CG&&SsW{k`w9`&AId5Y9aL ztX4Pjz$q!&_!D{PTccYp(!Lx){HgWJ2wY9Z#&0;(Kihl86l~?Ko!(K1v19LiX3$F$ z8LKw?X)p%wjC@e=P$1UIAg{wt(K~wQnc&HWI@W6s!+iql#NUf@Y>9x@2c4#IFQxmu z+WP{_9eke|8gjVk;Jg_+!(M3P!uDS;ziGt&$g~KEvg5bCRUca6ET+0{F_fl8&Gm%r z|KaK_qvPh)h3%OzW5dkM%oAp2Y@iJ_%*@Qp4Kp({GpA{oxk-~W4Z}Cj-tXCGpHDw* zEqN?oOCC$sTGn;jlSe4KIYnk<`o;b9;J^ytjuk8vwbCUi+)XeMSH&sFJE3LqQLn^r=2O(_g8 zV--0TzVtd~$zP2~1#cMAy98AGg&O!hr4&rf0vXv^xF>l?3TNjMZum-l|E};lva%Q` zOH9gzHO+tVQ*6kifxj_z8o@fcR=!`pAk{*|3MlyPvcK`y6&ZoyAusJiwo{ls)tB~V zE20!*W6J~Kk1W1m$&31%s5>|DS|3DL!)0&y%Jh%51M*e}Q4(CtRHvQ^OpmwMu3r#! zzp1V^4WJ{ukWX~*-Y7;MZs;5dU5-L)#5`_KA5p)In^IBp5<=m}W#jq|sZgS3=g4F9 zI6IsDkrenTYyp=$BeC>nUacexxr{KAxL3q6prB`vzLhyOYx2*I&7Ug$5aFs2Zj>Hf z8;RPsoFZI_JA7s)!8WWUU*VM@HX&5vf}a6%GpwbC*Ai2}s#`eD41CPsbK>$|hEG*m zX`n#9zpzy)EL=83T7wCaCVGpT#l2%@(!buC-ephtk?Z~LtT)XwP_ttVx6FadDJI{Q zZR8W=;N`A@T0YIz7u9N*AoVZQhngc|VOeJ;E+K8GAT1&dkcMR`o-EDbEvnMX%+R@^ znfL5GGfH=J{?L6wC6Y&?cP_NrA${)pQmhU6)n+?Ej;~%B%1o2V$%T)2 z5vY3RC2g!Q@baoX2K0QN6AhOa3t{(EPmBA3`t9Bl#CFzzw7+o8u0^q&cb}5_K|JEi z)7DxwGDJ5Ia>@(28zdfK2@4y;#vs}jlC(#ud!ID}G|RO(nnYrvkK!r0nIv!(`jRsrBO3uYEx?vn_9-tc<`o;_#$;xy|oyz(_VrbvxdF^dSZTg zR5V;-)52PcNjP1%{I2$Cq)hgns9a$R@U)b;g?3GN@aA1Vz}k2i!eU!|EO^g!saSwM zUaeG=_uM?z=|sXVDd-vHXhaK-l5XkgIZyhS57QoM!vPx3fXvLp?LUQm?P*L1D>b$x zz4cb`TN8G0`pXnrW0ZuU2|)an7q7flcG{t_{_O$Rio-6Pj5L0w1f50My@6U1!_*Ly zjD&<=Y^tW!^5q`xq5JQIG}f)X7-`uPYd^YmB@A3&?m+WjY17}q?6U>qMs$=(c^VGo zS2@##H$O?{az7aainVR&SN6Xat>~!Ydb6aiconwuD`yU9-tDIdr_=Au;G1S5NnZ9W zO&bpTk&~Y88UsYxNO;=6G+>J_xO17PlC>4o?3;*^I8Th-6w;s^K=!mbP6#dd;6*5p zYy5O~o}KNamZbU|TD63|Ppo^=h)1k~d@w;3Plw`~cO^t{csvpT`2H>DCVIapG^~P( zaUXVVy}Yb#n^Y_8Xx|Rr-iMrEFw=S+4{zP{7+U={pD#CLhelXNqp%fq5%O?VDdP(V zMKC_N+TGk2;4?AGeR8TLmo0T=UK(3dq& z29C}94*Y}RiJYM?b;q?9cGEvpI?SLYggj_70^7i=jf77o^7YiKuOUdd7`2_%jg(n} zG9jxz+d0vmm8yE~a7qR1qYb!@^v`e#9bO&Y2i&u4eLnpfy|~^UH}8vElT$q|>E;UY zg{>3WyV~mFVq1v+w|_$4)~4V^o%zA;;6@`8CCv88#)puhf_m14-AHi8$-_!IvwraK z3ENd`!A!A;fon;jci_OB|6kDcGpCgy6C_9amQoc_SE{&6x=Uh^rege3Rmi8k)m4 zf;g@JPU=wEH;S)tx5ulkS?ZTrMg}eKR4Y%*Ws(80BQghHhVRw#ssoGfQd0jeU6ka} zkE7vCT8NlP{!o5<`9*2?_)#v;PvG9fgF82yY+n~~q_IJc%X5k#>I^rIyD^1% zEQCk zJ+|mDzBm(N!y;={_39Ei*MTRUnI^@>igVYqi*E%W>9 zG;+Rz(5D{+cEsIhEk;h8zR+sC>lx?J-q#PI-iC)aLxwl+Yd;@lrrUTe{GO>5jzj7& z6l?zE0DFFSJ)V4JT3pg?IGpBK(p0i&!S2F&U1e#iE3qYbst`Gx3Bys0D_*1YcXhQP zi8l*t2|~=XAvzk_n~UE?9TLQ^acz6K6?F_VYhp-7^A3>Erc-b4#oFj*#2@`fqX;bUYXJ$c}-*9x@y@6jWDCxVR<>pt( z-)SDUY0C$R8F~tGRP?>v(i|Sh0*wLp=^%(*>$qQ1_9Sgv5O1c|79ZP*sN4^kEq84S zgx>yVZA{M8hcqm4vEc3V+u3!5NW)x4Q>(ZO=I?)9*qA2=}L|tK-_~ z@M_isS;KTBQX@ugB$v#;;F&GvYak&bgHJhAmuPV%YC_9Wfs0(@Q0`LsKV&^-D9K?Y zT=40%s(3ROsBQOof7?EdX($FyB~hNYH6X1a^KuW5m^PG%XONDipj`JYepxn!FlrKZ zE&erc4^7sY^``R-wWGhYO-jiFe`wXqd{y)fmjylkVeZezM(+Dx^qv_wv%OVC|4kI> z21i6L}vM(lio30**~K>qcB7O=KJd~ zF%zEfHA)a4OL8yR$O>}G)NlWIFG&iT=UJovNu78H*eb7P>fUP{m&r|k?=;u_?+VF5^S7EiFvMT=DJzL?)3=~pB1&Am zFt`aX+SK@;>=@+;D}%o7bL&>yq?+4l3hG&7__j~2s(6?ty{RhgmU2hJ8z@dS!zE_& zg~5kilNo-{9N{APRrXf7o}wZcBKgP%ZDFqJ9Lw#65qsNrRdm|x*s+!F=XtTAxU?lV ziAgT|zwH72)OYEDW$jck@a!RBE1);s*+N-)&ilSF(`C>@QX@apSQY(@VgD3K z(cAdPBnSPWhWErQ75medCF|MU`g9|mbBB{dmPmd1G%v{MocyRK`b?m49LuI7^5x52 zo&mHX4w|4gM?mJ&T*!?h-yD>Q6F)xEu(Nnx^oo?KkBAM365XMuVLxd*Rf2~O`T%|? zCN_G~24geLFy&3VSia@^hw{9Zvcz8vr7a&^9WxP)*q=7^+2)`2KX&%YAD}o$IpORg zf3KlJ*7?zNPT=%+j~D+i9SF~RcN`P3KQ4}MFqHM=P4m3oPlx#tFl?6ZnC-k~j$&n4 zh)BgKFP+UKRp!M<`3wGPLplL!YL*>AG*aXKoLbp{|FuRIpitEGZlK1!D zBOyV4J~DARL8J?-*C9}cMnP5H>p9%)e=<4$1oumxC#Z0chso_b-RQAA#OgtqjL~@$ zrY|Pm`^kUYbPFG7lp1ok2vsn2_Z0Apw!yM0sIpkM{dS|W+Q@8vaO-EyNMai7y3!D8 zJ$L-hYJhvcdm}yAYF$n?@u!kJwqt-NGsPnL9S+9GeQV+qq*5voNsW9kMMgKNbF2+e zdQ5kCnNE{=DOZv*jP2`C)6_!X8NH`2$^8aJp!vLcT$8nqOGvWZ?XIwK&&ThAXq<4j zX4Gx%s67)}GJ_>_b*lByDj!SdsfE|9kN#u-;QzKejdyVVzFcf1ZVNYAg-&o6pzi-h z;NrBeB#t|F(-dwT)EPlRM)EO5*YCb-#lKxgqdVKKuF#87Syf1NK5#Qx;Hs|kO3UO7 z_s6$_gG-5y|B-8J1hIl$72piX$-0=woX`L5q-m~Rq+Alht-HRZMV5a79!Pqwh|;=< zi=5X)t-IK+r!pSYoA-s@L<%1{C+NlSOqQc%^VQ{Je5J!L&KfUGy9*lm1vt8E_{M-O zN@BNV4mx>!%uzsMnJg(c;ZgS1zwfAxzk$7G%<}u>kifu1iT_iWH&lNPhz$K>qt3JZ zF8)3P##6zIG(Yqr5o&&;s=7i1f#->o16Ec6#Xx$Bd_?_|eYTi*jIWU?M|&;pycN`~ zA>tQh&htLDU^hB`z-03=yJsTX`fpOsw=*2D-|oNSc#?j%=f8 zL03(aYwmf_WA?$c4?(}$evmZ&PW|1!VL2u?`u0pYO5TcDqRJ3pfby|F9~!km5wlB?m}H{F*SG%d=EDda~*b2?@bq&G;Nc8f0&MrUyz}+f8li2{DAU*gsoT90Q!5DwCd!qy64(O1 zpTU>=mG>kJQO_+^-RU^8xA%riv!9#1hDv#~bT)R1VJV^7c3zanzYFk)?+(=Fbf?)EXCXp6>f2l-h$fSQV2%D^Kx!4x;NEQB{uVA3 z!XSDzloSMAv8tldP~y}Bf1P=IF2J|DFY`#&>EQUoGn8G;^hSUA;tnDO<$@8aUvkFT zK7Baa@l8mxz>5I&VFcuM;nO4S6J!`=GD%go*V2=dFYp)fi2@6y@;Pog>_|~y@9S6y z=3NsEKlHc;kgzfojsiU@3%Q~i*i=bN;ZOR#D?AzjZOlbrwJelEcKg{i_Zq4&Eym@N zw7B(d=_aGXF2fe;(26Z0WoCRNje=c*5hQfqaK_3(j)!$Kv|MePAvQ9ZSi-yH=(9e7 z^g!`D%5b zV*TgXl)4_>&Jk&U=iMSz!N=Qg>zGEJOg50E;tCSYV~B?S1pu=iRsKM}SJ0Yd!HTOl zqsn$cTNM4##8gMX-y`MI-B$z2(Uq<@-wwFm@sO^O24(+SfxMi3KdOD!-B>2=EuM-> zrp0i#P-O~&xh~xbDXa0df*pBhb_{rFebCXRkl-27{xSIm{2Z$s$%Hb9TCe+rW~M)| z$8Nl5Fj5Jv5aNxn`!AewE2S83Zg#x~r$@)Yi-6l$8u>1_iF_et%&`G-HXBoSq1go0 zU+lSKfhV?w`s+%+VdATD#t^1Gvz1(0LE9^u5%_LZ-= z4-q$-05}Q}KhP5OWmu6Y)j$UE8)J_RY-mFk*Es1GHhF%}nxyBN7TcL9Uw0|LA1wcz zH+^R}At8FX(J02wgykSxhu*~5;?Hj2P~=&CYv_%r<}tOmgC7n1O;RkkfQuR_e{}s2 zed9qY1$pq8=#bABT?;GPUCY&SS)U)9oyzAHjAfKPMX7Fszkfubn4o)IT7V*g`-2~U zfa`aMZV7*}-DG2a%r-8m3VtfNze>2NX=Y}PeN=Dx(1Q9#28G>Q{^tU}I%9IjPrn_<=(Q;jp(3k|0rE!Wd= z5YGJg23&=yz?)~%H|mq=80z*>h0WBo{%@BQCy899750P;Y=Aw4GB2wU^Nqqi|4Z{- zRrst1cuq4h`)&7Pv*RSvnQu}Y($b`^2|H9CA>3%cldZ46uN0@Gz_Y%8%H)7CiBqQz zuhk2v(BXExlW`v#r2DukR8np@g4y>#1{DUbeQR|pkVLwzY>Qm6S)@6Z)uiJ8M5k$y zfpXt4=gFGon-4AQR(nw6GDOgnvM(0#AhE6)YubUxA3lk!Lap&V>0&uXs0y1&+-t1{ z(J|ebLC^0nSHOPSFVT?$k$Z%(MfB{;Y+JXo|7fm2nLeU8cv>Y3|8m_-D#wSGdcY$& zG){`&m@*r;o!^@<7|3mwb4BKca$iwqew)6hXXR@D-V~SXg#REIvm87XAdD@-Y^-H}>Lhr?5In4xDOo*`LN z0u!1{gcB{WN*G7f{_VDO25NG>0&kaCWNKX=zUvMmGAFqPV-!LAFi;LNllnfm)PfC? z>0)rT?e7wOuA?*ws<$J*y*`KZ-8R3Gm%@I!=N<^dwbrfX4^HsEn&o`k#m9sEbTfHO z-IVA zUw+>FVH+uubolh^XWu0Cp~Q*)@#;$-sTAds+R#_YBzHOjbSvTDW{%4YmGx4nBjpwK zMY9Qq%%!3b0@5mD800BKn?s=<0|pJ_K<8q$@KUHzfDG!3IWTx+pkOMO^m@{9Nj$`j z!L{=q{^1>6HmH9Rm7S2Tx=FKYuFAIc_aPAp#!GE7gl0$D4h(o~@aMQ9=$kVV`duLu z`rJ(QSat?N(nM=8xLYV9i`MRiLr-6$!9xIdRJJ(Jj?A3T)K*bMM zl{eqSk(rs~hk{1zsP@HFV3I7W%vELYFUJfEB!+{jRZba@24VHp+zT5B zd`regKp5#fcB~GJJTG6%LBini2@OooRy3`}!JfWjZFUqiEcN)oEh|-g)o=l{wT;q7 z3hE;mXqk3L`vyU7HRVWO_5o`plN+4uN;P@i^ck#0`C4`R_ zqi|~aNIeHhl5}Ni%HCklWEQfhRfbN!KbOQh@mu@3JD9!W{MLnnFo-G?q31!#`Vy{s zLzC2BA5VD4M}z!eUYB+_3GVv6^vg|ba!bTsgqrPL{zCTFsb{ChI;wc;XE5)O9xr@X zV`#-ytu?<^1S?QWrZ6=czR_CS(CLutS27IaA%N8UV~3mD*>O1j;I6!D*t&5BA3W}y zo6~A#aOZ!j{Jdj-2uc6@#Po`1?|JicVXrG57jZq&o@Je8kj8AHGZLY-aeq|~v7|75 zEy{iy3{dPOi#yb$k>ej5so-;ZSYYELjV1L}c%XY7-MmcI+HI(2ZzGl?-=r&8&|T96 zO~oUIZ-dV{e5a|*OVOpwyIP86qZG+ZA_4Oi5)j`@RT5hzK0m2RaYm|W7ktNq^!D>C zn+GK>+w-Jo7aBqpD*+e(9=bTydpwECL@Qfg)?YiaDZxB|gOQEQztH{O*ZX=Y^%*WL zu7r`l=_6NIgWO;8Io&5JD=f227d5Kn@vOfrnEi!D%^LL!y`NV6 zYZ?YQ?Z}^LM5?5debnN9@*p;`*Vovl7&^3_r4`PAeLbIwpL#GT&ve`X!!5}_5InrJ zgF(fcH`3v9NAq6fdya_}jnAsDgt9prNs4=#Lw+r4h=RCDww z#oMg7p5DrstcQj~UZ|o4aldwWPvkZ0Okb~yK3l2tVU1WR8DDTtG{dF!XD!wQsnReVuRo3NX%vnt;zol0ERHq`Zbo8X{ z^M$D{!lk9qd?mG5Ew9v<`3CRmME7?lwFeBShuugi10C8aL=j=R2F#3XUYFRIx0)HsdXB ztPI$OrD+Ju8*`c*Qr3x%(B5pKb^V$C7-k;DMXXkLVU?p|7UCkf?App%RaaE%ZzLHW zhUAAK47L5&Z^MgUKWpvUqWro2&MG8J)|ih*=z_9Pubo&j*tn!QIa*3#6R4@C z847kAXvFm*fH`Y|z^e78-|!Nms$|8VWfsYKHSK;5#^y6Dd4TvOPsM;cw;JkB8rW*B z>%wgSb1ggGtIc%PRxAZkoMa&HO@`FKrRJ0@Ftgg-XK>!*B9W5JyH>4bpVYK}#~@VV zy;8(sG6N_MlT?T#e;?c~^==kWA%9)^eNj2*1Q=ctn}Dvb(#dCN+pajD=repiSwYxK zdk=JJRh-M`l{QiI^^mGL z+E|vP7L(LU%Ly#?4i>-ydafAW<{GF0T)3i8zKUKI7UhV__Zs)Hq=05avcT`>mPH+48PV6?Ed2})gwck;IFgmL)jMa43UMxpXCGUd z2yVwNSaP>Uu)DH}mCwHCb0v7K;J=mim6AjuG!A05blAFFCmnsV^$OTSl{qWkutik! z@|eP*v8%Vy3xAJg^gGWQAo>Q*nQC{< zdse#O@Gp}6pf8tAh-aLYpd-DrmRCHI;HzoT5Dkj1f+%(cd#H!3#T_-tV}6347P-dr zRx1pU6+(Na*gs)Iv>u3@>A-SOL$JUq)Igy!Qh+2~RQ@KH3x$x5Zn6{mOrN+Nf8MQ9F8)^v2?VQ^R7IK26)L0pH za`})MeQA2t5lR(M7T7Sev*^F1606A-fJP$h3Z8{_e~N0==wL0sUQ_G!KGoRtzl;Q( zYe5A>q)5-TuR%Oj2J$IyRYo_~`lA{>M`*sb0b_@qY-!iInyO#?LO?3*(H(xeyIww< z4KZt)S}oS@7&NM2g<1UQ0n3DpgUlEKGk7%?7NIreXEr*F%7{2bES~a&(V#qL3AcR% z9jOY~8#h-CTG53{HN<(P+@p9MS^5!e*V|!I|GByugj|Z6aE@yTh>I}&$i!eM)i72T zyjse~i0$40_P8;u19FNAEb-4q#*|kl){}ySk!xI9k{!z^W%YNyYt+Hm&(IRkntCG4 zk!D3M955rB%yaDclSP!W84b*(ikhlay$%10RS>yWqQCjod~mH;*3URAFrfpEViIhH z9lnZ4N>U%?T_6h2;hiPO`E%vhn95k|-@YVR=)_scBlKSUTu2ra zq%`C4H4bN(^OrHsxW7PS1isjhxBjFt_4>yjQ4hz$AqnahE`;g^9>P{D z%z_V0=n5{f`oEegwbYUL(y&v$s-SUA{q(~D4O&fu+6qksK|*g3iz}}cj8WY|0O0+D zXxk_20>y#Xos5h zkyjo0v^fM3w(Qr&WZQ%k2Wjynv@!!<25>}Cv2rz0{T*c8X2+>GR_Kil|JBtyx@0Wf z>sJ!Vl#0Oi)V_n(S((i{@?zs(G{NA4BrIn2ZVFz6DqpiHJCI`*ZKU(53f@|!OQpeA z@z_gr?f9W7zK)3Z?K&zgY$lM+$$6-Sx;@6ZM zB1(MO{lOADX(N$4!Rv?L=e<6Gi}K6vNiK}okukPoNr=Qv0YZYAb!f>B)8oN42;-sd z=#-QyBZ!IzC~9gG#<`qRy(uBJawn~RMAygX87)9K9m#4~?%WC|bat>qjeK5hQqem% zfun*Jl4iK#>-}~8_ct4)-ALTPDkrZm6vATlfPWGMj}HhAuCmM(L*z4k!s72+K|DEp zXOIuu({Lk~pg|KjR^gb18mL)3wPV~N+IvopR8iRY82|oWnj{zIp9-M-RjMttwgFHK z;pnGs6Dr7_e6L|ipL5idro>5mR7lcG(tGmzURPwoVvd~OO*?31*`;{Ok|aEP^qZ=B z*UVp55S$uvRsN|8Qk2T|p6BGQf_=CI!`YKWPe6X+NL`8(yV`D6te(C!Xeo?$t@95J z!k55~Q7)vd^O0?CH{mab8IAv(4S-&4%+HrcnRX(8&dk-%6X_V8k#KH)zmUVNa|Z?4 zm`~LZ43SiP{nA+oZ|>1Ez_;pT_)mw@VZ8{AzD~icv5=-`Q9g0TcNBOuGP}8;Lv` zRLq;DF*C~N;j!5u)1C`b`iF7;V8rA#HEp&*(kL@RRLs?Yf)s?-&3Oijf3TrMu=F3- z3C8RP@^?!lj}+DEy8+|v∈}#9vI_;R)nMb^&4Fv!l!<-JQSr^`RBPxGe^N83_B=fAdYB zetQ80wZk{prHIi2xkuH?o)R~an%VSDwmoGV`Q>6GnwOTg8y*CR!^9WNp#qt z;&@@IiRwzPLNUK2qFhPpVGPVhzYP=ww#K80|5N$D6VTw!*w?iHR2tUR4*=d7&f|~5 znKz|n&>@)$hLUFN3PUEFl+n4Q<(W6fI3y;1Djoun;{xE|41dCOSB|6x^N?K1w%T*t zWAtZKp$7nYFcd!V!W*SRtI^KZ8JUPAI5_LE+(2v&aX)>Klw?x*~svhw{dP7OH)Z z9NICXogb!H*hmQqUL(%tcs|-Buo`ODBszCr_mo-G9AtkN9t1?oJ7A<3{Ms|Tr z*vUeG{Up0E)L%c^z_VNG2TJhuk=rJm8OY)H4TxcwtpA7cKl|r)EC*74Tw`zt1j6A& zbmpZnQ$J+J-H6WPy%e&E{B`ap%WsSoDB#Ev0O0|sejGk~!smLA3I92>rplxLpaD6~ z4+jvkvSY4GI1T&iMkoBYu6x5>KUTKz0{~z2{SH5y8ev(7clXN_9abWe^2EL_H_E+6 zTBUoEsOo1)^7j4NZ;)z#@*y$%;oDfCx%IS`$%+AC_f(`w6wd#F{C5V3fkyfIezk_T zy+I5HC_yOdocE77?svTvP|~kHyArV}O?c;JVQ{c5dnWwHpy<&k%L{vcVg( z_AiGx;m)rdivrAQS`hANK)5+P&Xza=wB)?=A}XiFS@{1SBY>3I6Z~ic5KRJjQy2^03M_{fq|!)L~|C*j3FEH@hiXPuyNO2jDX_<&AQV*P|T| zD9E~I;q*b21Ap!7eDzgp7X6F*2@N4rc%P+I=a!)UNZkyob<+b-kJ0c z?-f{D;$%VS6I4SGG7PsN0f;dRSlEc-HKg12jo-65oiC}b2@4tfLmb2V72)wf6v27) z;+O%}n#&kP%6h904y?}rNIzUNrIEG-UCeKum|zk@SMLeiV9*{iRjm!FJ<~sI|D7N` zzS-aP)#m_xMrXTsoT9><9EYbkV0tzxAe`HCnEZGbO*!+rq0DywP zmB0Jc;cn5{N&pjacYjCa;8%Vrv%fjGVrcSH|kM;shQ^LCh9tBusB^xW|{fFX5-QUx%i8gk32f>$&qh-^W4s*5mHxsd-!?%rEmQW9jy|I^U_l^`KoC?dsTjIzQB%fV5t)cZ5Y_yItlGEQRtDFmZO#LI6T8UWxi)bNHJ zo3Jitpjx|=+ie5=gcDXh_qOhys^@!(uFHVQ9lp7_&UV5AUz4<^G6OWD{I8f&! zJ>~hTWn@|axVu>HkB7d)b%IT6GX+4QAp-zr#sGu?{8omlo{yMOv@fhrlh|Va;Qns{ z9`xg`ri&im6cbBsxEO;Qol%T6FVHBF%e%}NRik+Pjxzc!lERoIy z002h70LUN!w+jwj6#)Rq6nA`@r2AtlJG=+{=z6b54!hlR8)NX*5hyDWyiPNqSScfH zU{u#1;Qqz>pN*o)yr^sLbDh%{ci4V}fz<$-i|~OY?#1JRKsPbkJ8XKABF%L1v*EGXwnMP?>Qbp{>Bs(6g!zG5QCDxZ+l4 z6I!lx)3Z_hKDxgTFhUy|>tkJp_EA}F=d)36LVG3#AsnXVgIVBWqsusmEH7LdLeLch zPD%fR_peMKaRAncRIX#ywT`^Ui}bkG9pq}@sD;SxFsM5esew(9h!Dv}mo7E&&aqy^ zG%3Q|^L@jS5@=eWR2NtXmm_-4e5GIZnRl&ul0v-qeU)$0cA?I)g}Ay}{>Gyz~B*`c#NlHqMm zriAgw38;Yle=+{gCW@DkaGnLN{(}Bj*Q&k~^efibBPjszXEVx1nujbncF4O2fd{tD z;+IL37iqkhcw)I=@!%)A#54`;6X5s%vYD&GiVxJA% zJ|`Z*)uOE4v|clKtRSY#utza(3iP3Y@ zP(A_$7E`Yq5u5z~F#dbbD$)Tm%%yOmx5nNx$`9)Ymy(5v_`xzCu2V$H&7aG3!#IZ4 z!qIO(|E2MgQob^11CKbwvLIbEN(rcqJmgvqvp%aMmodzR$v)68eah;5eq;4vgG|j_ z^juNm3^667j@~DCw1gSkm2T*Qk!9I_m=p^E?qtb0PPm+ylZ$x(U!uzj_#F;_HO+M2 zkG!(-Jj0)MVF@ny--JkLuCvY{&62e+Fg<1Ttsk)6?7b;Ama0epn3$*=F{|v5W-fp4 za;XS#mH_~48?`_t!CJ(4;^AWeVf7EXcF<@4yOYGUNcDp}b6yf<6P`5~r^82MkXr;K zq_q*Bdgyl&eIow=6ETi3rs-!h7zFT3m?2U=0HVzLnqxRgGZFcA>$PBi9RT7n^m_;Z z|5HO=m;|AO9P3mRK>v#g&LKTy_Fx&W8&q>+bUG|j<^y0@i?erZfVH}tH$Cl&_bWhJ zBT|9#gOf+x&~vM-N8XWsWO~#5?}FWC{oQy$pA?GANV`#4U6rGX7h0-3HKI=GYzv!4 zu{C3sMxjs_a|lEO7d*hRil9*W{dgw2XC74*HrdlFqyRu1Es(`dvxmBJ<~*es>A#^M z7m6Z-;egQc{rBgQGX4K9{C|f=_X*x5~h(R{f0p{~*w-A&1u>*hOO(9fv z*KF@%leQl^8P0Xf_FJ?aKJo#y+60#=Eu2Uf#Vmk&+(k%?;!u(%yNf^xT9YzZH9;0& z!wXZl{4mFK%-#}5$Lfz` z+_w>f4Xg(~+=@{+o3)>5`NrVcWL60Di%+cCau{6+g6YJa$;1XxaXFMu0X5z#1#dTP zFI=N-rRZj2r*iVCC!+Y7A5){Xh~*JAs}I1fwBU2^V9@w=1LYUxAfoWWV<>KzX7JQW zKA7?6kq~CgAKC?6;Cu|(zdC_WGIzuOhSR` zs%lXO0HTu5h*8CyGW=`~Shk3!x_U zutNv}VkQ89*w#;T(Ge*YoEhW1vJEl0{QxeGMo82)SPftcw?&n*J?S((-!2C4?|)SR z8Gw;ZNOVegJoM#j{y`R$v&T%v_$sG!I*8|S0V4V?o;cYb&3#>87_TnKc_lS~#ap-U zuof$zVh4X1UeJXjkqjt`kr4oK0)T*J^^f?-pq!>Gc>ixY0K_-5fZ(BqTL;67egJF& zdL~CQCJj*XPB7wi2Jz+;1j?d^_?BqAk_CT!!9o}2tuUa@FD9+@ey|9qcX})XfB^?F z^)i6p1;F|Mqd7lVY`b5ks6U7r)UCq?&48IR4I5<`8J*!gH$kmw_vX=*I6Rx6dVt$# z5F^|YA;*N()s)ib2Ry}ofa1TfoM5~9ZV_f2r1oeX=rR7A6i5=*WGjD1;r}xT+`gUP zn2@Z=lA=i#3(*&GkDi#GHM8>P0o>3Tlj@CI7cmr;NjmTTNMfR??mIo9*C+-6Qd&~7 z{1o$Ue=%N!mil+qaikyO0T?HVRrh*FW~bPOtLp?VtqiZU?fC7l6#33Ds45>geb}c- z+$*xdgc?Ixc>Cs!#9rXB7-*YVnjo6~*|ck-6#&8b52GiEz2}Q&J~Q)cUFf6(=)bWc z{Ly6YcVaZ!MDT(Wrg6R>7-xP!;wv&eVJ0t za{`1R$VeHssT+hrqt7haOD}rhM-`ey7Mqc1qp*Ku>kdC^^gyc+B%~T zv?FpjS;swsTmr5Jz1Z!`3@s=M)J<#wJVnp1EY-&bOAl4A(H3$_<@^7_@-p>e;+xV;XC;1DclD|;5hatev;Znn74$tZ074t@73BW2?j8lM<d52!+VZ$vCXPmL>tx5dE-h!$M5n5+E!G3K9UmSW<|ES%N9xPbI$s z0BaB`xNrb?udehFa_-9?H8ser-OT@u%TLo63tntE4j}a6#Dit|kPUJMAkKL3bZB@Z zwZU(o4|K>9y#`fj1_6Lf9o|CLrCwEVEp&-%n$=LD;Vmxljv@nqgyH}WC3*_9r&ay% z%6T-vBGan)+9{$RF~(`~#Ln%msXPbP4KT6n@46k0q}w+a(pb(F>OC$>_2}G2R3Ou>+n5Z$Cg1NeiGnuB34|I7jYlbC`>t|1-m4{_1} zK*J8^DE4u@pNx;m1g&7?ticTK9AnDSb*B%I%VZYvTPP3VhQ&)?&r z1qNhPlyRyDE(O1;yzLw$qi;QkRIR(wO05Xd3kkJ;{QVBqnZ2UzX!PkZ3!fTLkL z;uSX*T}awLBM}$MKD>P<(-+UL%|x|OXoCW9)0Xu9j^;=*a~@&bble@#?@t_O^ zl}g9X11&;+Re<m|Gi`72@dl!>V~ z>XZ)xjC;wb&|Cunx_*#fun|;^&r6C=lla9}3ZCk1{u{H{$jT&kLDmy!tggp6_E=#^ zfJpm7+31yssL@UH8Xm2iAZX`TgkhF#)9=GX)vSr|%ic3FZb}`vGmE8(UyaC|4@&q8 zq~CC7+6hh?U^`0P3%l=cw%9J1zra5u43%8_#3Cb|sS3*ZhM}~9UKGs}TC@*~#HWNn zp&vgvd|+0*6PfhhyVKT2@8kec5DR`o*XJBS5A-F^@mN z8b*K&BFX(LK?^ugQKTqyR=+++$QO;7vee>A34$ts%iVWjL;3;_4kwUTp|p*VgR{VF z+k;bd%ju7Pv_X3MC;A6H%ey&}Vs{8lz4pMroWy3yC}Fr@B3*=te?hqS9CMj0_vr^L zD=uu(;$*l3QO=y}xlw-lsnYyS)yDBg+!q8u(Fs#3s{X34Wf$y8!Uur=%Nc{5w9hbx zj*eBe>1aC{^gnW%k3&~Wy8eUy>jMV`ik=|z!BA(vUaF|ePZ?l#^0l|D(41^Ev?=8< z(Eb?FLh=j+H0^@N4-e9e!5lIR;C$Qg`1PWgyZOvg5tl+o9Rv+9-I(3@otlBk(GhLm zxgDKGqy<$ibDsxkCalk+Z9<_mffAW3d&oCgNGu+c$~h>k>;S-PHP4**XPUQ5Wj_M} z_=aCtfO^mbCSuLMB*S%(#5o1OzWKL6fKi!HuL**od(%k%XdX4h39f&Kv(XU0fU7TcQ#KXPr5SpNj86{)$dN#mcUOW? z(Vkx`I6D#&GARMbPXOe@0JR+$Vq_*O=q735e*^t`0*ltl(ZF24g-0p8(Z((~_+umW z{VeuQ8X$7pF)V~`qRm$KtKC|D6}UX$saZJN0;q+AzE=H^7X;{Lt;G^fwue_CWQwD1 zep>ef5V3|@chGIR7?vpFU(Q)??oTI+zzQMP+Bh(NfqSdPcN9WrAY_QrvnSWpra!>H zg(BJ+JwGb4m<$P3C&ZBcaLPskTw%>HOy_<9)1q#qkYSw5V)ptkw1BU=;6?z5+_XkK z`I`DB*wz#~bPP|}mjhCV{EUPG?bPDK;xDxg#xm*zgOYR_T4*^}g#);3GZ`XC&leBpuLcroMB% zS^i8kj1LZ4Gi(}ywtw_l(#|Ryv7eTJ=k){tg5LiXqV`muiu6{-Q&{$*hOx~?{x@C# zh*yPZQTKwYwnOE`h1}U~4bYrllLt)vFCfH(D4DxxX)x#jm9BFS9 z$b!~DL@yDeT|-@D2=*i^6ux-`5e|T(lciI6eJ$hwAkNLtWo;LYeTql1)IxIU?rt)TBvm9!61^1c@&@# z*=ILseU1URFi@t+0Qw+^@g*N8lg@f%y9fmq1Cka=xD* z%$+jUbjo2QC!!MB?gK^@n*+MLsEy_|iVK}8WLi~WatQ0A-X*2t1Yf62ki~55++B57 z$OG-HBr5>=A&}uFJX~2vXA8%Ok`@aB#SQ>k_b#B0X^TQyk}|%clp(mJFU2U*lRCXs z1-OC(w3S^ak9Fc8Y<+on~c!$2J?bO=pNZN)D_J4MQb`X#84AC@@gJN3s%~ql zDHIMIxQv77Jp-LOcWjbqg_Gj%%P~H*(cd%!kI*zqQHgfg8cHIj$VGN;SP>WjVByx+ zUeTSZ0N3_C_iG80LUNG$!dr+XZQ398p?4y-LSdlFYOeV6lAxWn6aDhqJKz}r>odVGmXQZI? zZUrDz6_lwmf@1=fxu0jTdTJWt4SFrO8v)8EM;I`%q0JlMcKb@#h%KKWLy(Z7*?Ju#s2-?B3yc&QJ2;9a!qNe^3HW{(>Ec9zHk%AU^PA+gp>|Vror9GO-@55DQ$&A}@w>nv|s* zy34YL?3!-GKBAxb{gpIg+_WTcJ=n71@&O%@6HEM+PF5b$z?-f}6Nu)3V9H9}@%a=f_*7IY-Enzs@*!K=uPx zj^$6R2R5H^okTU6crO&P0wuGnhXDGP%vjA;0D=fH%=EXc(Kg00@lcl_nsl^6>0kLG z(?}WfBC#sFhw}Y&W*RbRP#=B<7>$DR5t2Tf8O_^DY(jI}hRhTIR9Aq7&)Tr*lT_u^ zlk@D{e^3I2p9YMZ`0S}Wzlvdq6_Esup#tQfz8#_eTv<#O35%8$ChPb%*3;}0d9SV% zxIt>pYzY7=!oQtDIb86bxseA96@hN~sO&w=A;6YOX%nMH&Cvc84DRi?gaT8+J+#%u zGpPeJ-(goj8XO%c=42F9xA5&P-j^CbhH6(-J0?6 zBBq3o;6}3iRG5jo!L#OuRveJzP6UIfj4!bQhZTgB^+Pv}FRILg2$c(GWhf%}R^%cO zr(_R|6sVBFvFt*+bBvZWHCa*w0JZU$FW8;{XkL$55JHI!DR5y@Wchftnrv)8e!3;RyC1Bz zu{7Z9fj$#LDoav8h!3hmO_u_JjA7v#C-(On!c~k;K{hns86Xx30L!#*vX=HIqdXa` z&XTONnroB4XQWD{?RX(<8`+wpti6gd4=zE;IY83k3~_E}uzIJc7lsSd$Q^ z9{R-bi&YS{0~4&4u|$#YB}F))-*U2~NrOv0Y-?~-8 zbcV*AvYTP!IQ^_Zg2JPxtId-em;BiVKsBZ|D>o5{ppL={01(<<;;_mu7ckZNR0=`M zmv7*S3)=Iz45p-50iNCRQ)1LZjpS1-1%)1su9wain_W*FQWF6f`CDJO5#8a5BuN*E zo5zm8${`%3f#XbvNl@flFGZcy^UGLBF;eCQ@^LYs zQPJPR1z>U+B?%Lh14h@cYzm|Z!2|@n7YpAvtR`~M9A8CizYUFY?a&qY7ZW7V2pkZG zBS(7u=x@UR)N7o2>{^TC0xqF$ijoL=bfe7yphVG?Ux2^KmfimRUWuc%bmvj_UtAa%MA{r@BmmWt z+z|2ZpvQtTZyFfbwP`tsL3%U#faT3V+POH+F(8iJ8W3OOkSRXIO5)%DzFrc<#`)FY z;ZmLs7889m5cGqcs&5=$tZLm)UZn^$l7TiCJvr8_RHgT|c1oJL7%Sbt^x)GHa?WAq0r2+Dbzl%J48CqTFYNV@pft?hT71X~sRY(|HAZ|Gk4tg(_lqK;xVX86YzWMp}e5KS9R_c>9`O0U76m=rzBdEr25R8fvC z+L5T&R=v+0;fM&~80Id6qQ@n)uC-8xD6YwSVBm;>II;$T&rI$hI0PE@8)I{F2Rb;I z`ayYuX|n1D4%;jnc8xt?vMTUH%fMSR;L8vF@utiLg)jD`mp>5n0mz6(YQK{;Eu*~- z1L%|Rpn1QLyZW=pwW3fq2>o8ci}$5!tr zQA{+5do;$*E{+ApmA#y&^sS>O?i)lalt3{C4H;!~t8r%lRFnFb65w-P33xo~5MbNK zJ$!`!tOv?Lo9VB65U&eGx9I7P#GMfB&{jyd!@{X=Rf!Bs1@dS7nrG_y_5Dl|NpFD_ z39;K21ll(*t-nBJ%_cK_3rf8Kh`l%$ckInV0o_$RzJ-1LeHM@B_;_$F_W#Q+( z{53euZU313swiiIK7Y^Dd1wiOh?3wxn!@yguJ2am?SL8{)Hyy!DJ(btfDx6l32l?) zeufbm<&Bklm%{vWAjfEU@_4^EZ$oIz*=Y#%{jg2d*;z`SHj6Bw^>{-DN?=V6B`SIl zU`4yxtY3M($b{3((rul zJH zo{?{gw%pCbJ9z^MH|hm|oqjO!bMB}MripEB+_N75MDn%<>40193X!NV7&o7(viwJ3 z5aO}fY@sG~?K`)+BFhl#fJAq_<{UpSLxjJd>Puab6rvz`$4Z2Ko>V&Zo01yixS}HC z{Hq4*(p;mdC3;ET&ne{P2IyZsm?emq3pjMb{j~$mroJ`Ewsv<8!wZ|XTQ0$7HA!tt zVR~v74@J`CbIB5IKr*JnZ-;qt$iW_PTuiSbHB+GNEXlGNxKi6FoNI0ZRgu{kL0(&r zSGsN1;-_@XX9SI{r8J$byRwAjFe&k|1j=c-mHA?{Ra`=~Oe)5~Ko5z2>=dBeqs~Fq z_+e99-f(pKekll1ZpJ*9UASLAE#hwAt^be8$Yzu)!)W2iIgX1rQ6A4}A!n|7lxu#Z zY-wlfA}hTj8&BQPnf#i_NX~JCkUz23w_G5Yjv|`~mMpL&d&GS>3p&ZVtWdMLC*esfhKsK}!=OXhqB^#{H!dN#Bj92aYs2tSo)IvjD2jMpc`NW$Sd` zO8;~i2#P&HI?rM-&32dxNOluNS0$xdsd%&aCC_eoqsGlS_C4|@TNmLM-WIYnxjjTD zO)6OD{RGRf`noDKyMENG$tT}V<+xZQrU1%|ut%6j*>Ufvt zChT6WaSiyMsL))QmoJ-*Bm9%|p_AUS%Q&_+0bwFWM==msQv^LD*-+Q2d>(&kpZhm^ zyQldBga-94+I!KUHNu;wGRPCBPi&sVfMNDnpTyv4fOTNv zv*UBj&u%UBw7T}$_^48IEI+hb%r^I1(+>Y1hC@MevhUqx! z%G^d5L{rAQNIt`ed@z9`V%eh0tN5nNn5L&u-K(;1!(r_9-!6K#!Sxbj11Ka^7Rq9Vq?=W6@Ew*lzp^#w5#mgRWR){buKt0EPhm|DbQ z=Sl01;g89R*0^H1hFmn>#XsVVe2SA;qfUR}SUyeTb9OLs#zcj${5)*#LwH;+4@2%ZE34$qVnYyo~YPI3g?H24} zZbp5U9k9ATr5c*GbKD;^K0`MPkfYa^?VO_6U=r)w?OedT?Z&auU_>AS1`LgV72}XO zU^Jmb)krK6{++y1#BX9os2li|0+<#pIK2d%gy%{AC1v`5gMd6_c_NIESISjW?pp9N zJqjShK>2$p4vrauSbLW0?Kg3Ft{X!-M16IR6k#Z>BnK6g4w7QB)9U$b50OrvA!x+_ zry*%zIOUTu%i7Ar#@AH%*eb`n?nkv7tXikvW)}{nPhL!2y7_T3{T>8!x3IdxGn%wT z>4s(ZNjoedINaxwx&4WN&k2g2^;pF)NzAW43Rf6v0W`J&nD;VQjFNW?-NxU=uJYa- z<`p4WdC3<{2?VBKWJ}e{Ui-6B9j);>#BCa>O}2g4gMUY&v6b?_ru8jsrcwSBQ)o#V1-QmVXpAL zUbn_8rW5ZM(64?@N;4I;pDOa-q;9A*$)2_yBB9pR`>A6B4NGlUgw4aKq44PF8|fej z%?CifECTM&F43uMC}{1=pJMd?7BYH7Km8?#|46$ME+moii;?j99~cL%j6!&!|G+hLGJp<27mtkTUa8zXPYf#(*&`zuj+ORl6? zV4Kzbr}dF%ykpTdMEv%zxNK&!o6n;TWB4)X03QT$=DED$69^-3le$Jwx)O%qv=`(i zIjc<$A!#saJ`j=D#jVjyo(EAWwqdFU&vcuOw&*&r#y%Gn6quNr$FDP1G`YWy)_!P24rvL_ zS?xat%VkSlGRw$xBkKS1aT<{$TWnEthj{*Y;^-%)B& zXPwT6KMqF2olU`@SI|}+QHQMKN;z5DfE3s1&qUPNcfG19Zu%`svYS6SLi zC1H60?Izhn^)7-{(c|Y$Jij9J0Pgf>O{4j+Sc&i3XoO4vZW%9Px_TqxBNi^ot2Ft`gF!%D4!sTdG& z6Ie_ryi$sz(KdHi+%8byT~JI7@=H-BDp>CsbUhX|&dqf;YN#=?HNP3}R-rY z%D#UK=pbV|OeNt?Sr_)jF2br5Yhge4gYrQ((K-E}HKVJjUN$B=_f)>-&QmFaD4j$C zHLgzAScj%lG`rakBGVQ%77O8D z2X)URw-QQ|l}itZY`SA8LZ)@BN{T^Udv{NCw34?7z;y$RI;t2IYK8<0FRGVM5XN4f>1$XZbtCPbV| zP4FT;j!J$&N}YN?jOpgDrN@Rmmz-mA!Ej&UC4oE2b`?@?>bz>k2OSJWxm8oi99M3$cpRYEmV%(m$U6MF(4~kL6?KJ=fQNNuFjWRm z1-2s>^ZT7zy5Jh=I`}$gT2&Iy)KSfBv2C%hb_+iil0xZVLW^y;6hVeXE>vSrd;U-x zeE(p$2psUhlx6L1NI^qXfNy{Q`}mC7pkp#ZFEJqE?ksJMNt|yxjj+RP9{Kr>{|$_ z@8GYC8dTnO1)~pE^906z0ml65JvH^q99$oj1w49ipPkoblz0m;d8)ls6;5VozbMJv zr5Z)n7U+Ijy9f6{+X@LW$$lb*@kxn{3TWtkGc4#c+$U!mu!EL&Pn55rcvWEYo!aam z);=OUbmth~*?wj7l4HnQ6-iu%GV{^rjmkjZe+JGUGEz@1BJq}v1=SD?ld_IG8$L6a zyVeDY`!+yVi%j|r_w%zPU1F*vAr@kmR>Fc5g0ad&Z9`=!0{9PrLp|@mO!qPNKj*#{ z0ptP(SrRReY~XaapCBl31PnA>)iWDfPB_Dz@wNvvO9~dQjQZ0k5g3mwlW1JJYo;9r zn0UJomKy73*$v`~YWW*$<0kg}Deevj%nYMkf4(`y(2+WQln%LW4mh&YZ0IxC%WdPT z9uOxE)kB4yH`}^YcHji-cX6#cVw~?X*^M$6e{(=n7< z6wQ&YBlxtO%qkpWNsC1#@bf^%Hk}^FWRg9&fqFBc$uBUX+eb&pkf2yK^%S>ht*=0s zjWM95=*%kxS&GFu%#r1Bj*#cWIWCn@lb!M#0)3>bU(npHeyug}w#p1lgkN?%;Lo%h zw%WKu2Ajxhro35M-?g6apGL!oC{P|ie8<*&wZ(B<2FW1vv#!K*m@ip3a!Z|KDrDo4 zb&tc5aKh>D+$0q-^r}IqTku~jpoaR%@dz^hOBxN%S~<|jNjaH5knb%=yt7d;LU3$zE9 ztt3A1K>|SyQu(4JYTPc(DQ4?*uwcdR@TA`lK}2wo3Nx+h979US>noZ|`rs*?#KL3fu$ioC!W2;JDwuy{PyJ zrAp+*htbEs-Z;%L>3f;f9xo2zcz%yfkf`%JKFNJ@$B!z2ne?txklOeoqC^&D$eA5W zm2dT3_u6$fEXI4nJ64ccsvvw>RUa!Nj!aG@*IU4cb&F?M!0vfC+7M&I)3I5o&2mtI zT`sL9Iw%Ez40>(u3~+<<9HFAPiyc03mN(Su@q$bCBL}{yy?fIUEfVS$193G1)CTxz zudlKu1R4I`N?G+Ubo{P!Y}1^Kf_QlcVZ{ix3^tyS``LN7Klb^ET)_Do;VqY9`zeN+ zcji32nIcs;ukkS=5CA~(YJHRnlCOF@eg_Rq4v``NB$R!CSeq7s7&f2A)FFUhO@dFa z!AJ6WWlw#6cx;Wk&NTWq9OspvQE`Yv|+JolLGI-b>bs(P9pvHWr}l8({s;Ib*) zi5A~hbm2NCkxNtXX{Kh>jJwYv#CnTU$%OUqq>mS3rIvj$mu~9=iyYO{cWc zEM_B4Rs)&b5&POwtNPU3%h?HJJZ_8DVeaWlXwKUkeV8gI$As(yS9}6LhCj|!OoCGQ ze4J1!x2qL>=hdBDlwoZFTvB`YFmW0?72#z0PeALL4S!FVJ^u%l80@MtuDkApR2^n) zQlFJ)@Zlj!9BCAnuTcd;W?+$BR`}ekWv!_+>c-o5l0%5db(rk%ZTGF#8&-?r*TC{j=+k5jE=-Yeodf)&>$nDq>*XqL?I6ZZsoU$$cvn%wJ8A$ zd~7j@*$f>Jef3(ZKLnKAPET^93qC&4ej1BqbmdN|iS`eXCn*8XaD}vrG@f{SFwUvgwO_iC;wK? zwmk*Rc5TbUI!@r zt+GoPBWST?+>C0eak&&l{XV{+h7M7(gbqDcmbudgRnteLIa0;p?S%b;EH9-D2cOFz zyj?tG?Ov0FiM;{GTI!^@9HO|}Q)M3y56(Ba19PTyAuZ^HrW3~tGy(x3eQ28hv?SR8 zy$SCB^1=)Qe)pBShWtJ?N!2qO&rxOdqo%xyErldM8&o5Y1d;X~P+9d>N7<1DdON&O zc?&T5DH#z{Kl~Q_U}+I3>lD!UXox%nsOoSIU02Eb>k7cQw+V)>m;>+TFk zivkz|U8UK6@TK?byJ7`Sc5wNoL{?LSqZ5OXQDaH2W73=geUB4gi;A>@3VI7Um91cnjnty!agML*Kt2z2XQo!J1K(vNxWK^MK-|8M z!UK=@>}EclkRd#@=4OtnR#M$PNuXN27NTeeYJ7}WCYr=I{bShEPY-5VLb?gEWwVLY zc zY9QR)n0wsI%+KD`z9pNR(7d@%JMdPL)v6X_e zF1#l$T_T@o*~hPm!J9PC}^lq9M3+{ zCwSsTfifo=+t9*lq>{VwIi0=R3kC^+IzzfOO+5QVZ=AC+HsT9C5TIcOxgp3iQ+#< zEf%HLV|w3Dy~p(i46s@@p9md7?QxOjH=eCf7emeU#18!YXeJATr^tx-hAHVNNt_Y)J2Uh;;4;*ug5F0A=(z~9t`!(?o&3oTDrxXC2BnkpEXNSi^2*mLK8lIx$-aosg9YMZ9k?4_7`wz!3Ex<7cNa7_$^xXS z9@Yn)6J9M$8w<+KU2kfIo_?(C`j4H6Ki-LO`^oANH!{o5>lsoM0bBW5O(~3v9i7X@ zFUXBMPmF$k&IkMLn2t3V3bZ;ki$ihK@ORVue!y5T(DB2P&^U;T$h*!0mG@1s1ujzO z3H5@9DJASO6Yu=wCDy=;TV>4O-7-^Oy78muZ9%EE81f`z@B*=9bo0t z8jfY)IBm2><@i>G6b3p!#Pn!+A30z4L1riM}1vWHdAF}^xX6w}6Q=Tz&8zUmb zW<#NnFc}B3lvM(&DYn@4h0hfwrvgn@i1#jNlnaBZ=>$=?_BC<{k_BCxDS2z>XNEb} zHK4Uo5;bS*2In#8w#5jV5v}Q`W5|AZWxonw9(V21eOv^ahm8NoHK z%MDKzspK@&4l|oLBQ7w&K{)Ri9ND<{{l3`y9HJopIp$1N*dzIV!y>wNH|$(8oaaWs zh+rTu2RVyGvOFR{&!k;_uc|)47EN|T9!&f2dw+nXONyPmP(UOI)3MliKM&LKl|ROa zjppvuee3OYhI~mAHt&Gfw{@}7tGO*+z-n`4Wb*=E$ILAN)Wc|;35sJVUmdy4iO$4v zs{8NXpsbA_#Hj7m7ERbKk>EIH#+OfKARZaHH`wupC3f=FHv%Bq{EvjVq|qK!Y!S4ZKW7V*LD}{X- zuAJ^hO{fBP?3NNlOiz1EKe(X4kiAT?p-zZY9Wf!{R0(zOOe>281e=V8)nu#Vr`cQ> z2+h-yKZ`04y(0RFoV??3WnHY5>ye7K!TwN57=aXVZ83C*L9AxT(5!e8ji9h;Tx0VR5ZENH$huB ztO*A7X8oPqKJ?o`I|L@jzJNg7&kjk93=&Pw89a)fAF{H6Hr3;uY3~dI+-u~w!lR9e z#OWFQQ^L;(cHN8VPWo_V;$+_ln~=>>U=UHu4HO?jib9Q0OB^=lu+S0(R2hX@U1M{$ zySq2ao;rxBf47=LugaMVTlxktO=K}|G4ha|yynwjc9BH|$D)C3eSd8==rvYTwAYAe z5+e>a<|E&qzuv|RTPoDl>E{`t;M$`OZdcpnEOXUfn@hlPEa>zAo&0u(T_P|>iQ^1*OBJ9g^j zX01Szq|XG6fMtvvl6@XP6QPcAYn;{_howU&-UR=xcc|{&U2`g+arti+MmZlv?EXDz zPG>x$bPI|)(y8yeDIE2;OpO4rB82-nR`n3F_axoU#pZ=MXIRrMo${Sqt)ecUbC&2AQPM(nYFnkgXw`eE%ZansUH3=PyGwVfA(!3u0PzCxf7*RXdIjww*(#jAp{R?Dn5Nz1fw%D}S;^=zNh9YM*fmz3^WhAbO#1 ziJvz{zlXw$-!|rtOR%toZ}ekVf011@Vo3$666LYX=H#0l5jmL)=GGWND_>y2tdd#Z z^NW_6-&72X4WNSd%&i;r!lX9w2EVxJ^E;=O$4JP>CXy13u=KtOnI!Fun4uhHoiW$x zIUo(eSf!?D7~8^%@#`lNU8k~^K>Yr{jM7IAKw~#dmN;b z&YKWdi;sHT@@;WGWQY!-yR-kInPo%~OPuqJ*5$Y^!I43!Cq*H;2|PdKIdVZYK6TQO z={-rMrN{+?Ru)zWrgK>3@^Z_tNDa)%nTs3{tv;GnhQpw=T>KDXQjwe94am~#PDeOs z{?I%Bb`9GCXFbP&1JTwtMYjJgellBJIMYcfKpo8}=Mq&#U*o%Bx};Q`7{8r$*z5jB zuYak#zl5X;4~`RF>72)TxEKRnevC=ESfc`dtg!ewOi6a|-rDMrDWA|LZL~_ngMv+U z=bpPHCO7g9@Ow3(h`$I?F#4tt^iuUIo5p$Wt@9x7d?iA?!A4BJwrrkKPgRy1bJS4V zZODl9MQ1b-95$qnkqF!|GhO}$S7^c^Vh}r>^Y~U#(X5%Y8_t1iQ$n`S793S_GQ7Fr zk4lIhchyR?FqbCLs-K!aSR%)%rs+Zu;eOCixWHrPXM!#}6jD0)VDhOS;F%Mh>#9Dp zljT-x+|ak8*Aha3M>G(C< zF}?#Xa+Zq;$B|B&&sPI0<+YWu6@%Y(7)}C33pu_2WJT(0?%z05+t;vUo#FY@*ErHz`L2Uk*NmCrAP`?vm@baWwu!1+GuEvw+&@p;TM(Koh!#D(!?pr2}GAeV5 zxAeqv{c7S=sp2cbGESl5v*kcc{Nuy@zww~T& zb{O#-k5#7!kpFB}Z1miDoP06IO`b=Ao6Rtt!hC7?2`+nv^q6%zv5Wr+6VGn!f zpH`48NM=%;r)-?c;0(@Sz7v0bO%Edepzmh0*oUmt8d@-RVajJc*c8IU$!=@ zT>{IsZ_Fpt0#D73s#)EPwRtdXIPn}l^#fCOV)_~G6OD~1V-$KDipvC}rZ~)0RzggE zD*+FlOVy(OD3W=5v9k^mmKr)C{w%&iowO+2K%x(rq`dpv-{~ql4X_fxBC^)bI%DV9 zcVDYznoRwMRLkQZ^(X5$`soVBAEi~7l<9q1`^{!i+PtwR8rCRnTYr~*eS5BUV*pJuK6z$O~o3D_IP1NXt1N8a819?XiYgzkgL5~ zEd|CyW$l+%-vQ?NrV@>WyMttMOtX%?V>8fFHErqn;dRcjjT!I! zQ4g`TcCtOQeg^kAC+)w;*U!~IY(v@=6%Cs%haq#zdnJ;Oj}TEDt8=#7dIPFOb-3xf z+Tr%J+^va|Q}AQyqjFr$A))4jWbxw?zJ1`dj#mV=0lN>^VOokWyfQxy&~FSN!3L>U zN$=fbv)?;(@WLTKWZ(#Q1)B=f?(|}goIthW>$vev@x*uRc!YnMms>75zEc85nd#`* z`D`JUjW*HiM5disC{eoLpJ0EgC=s%0vk0ckpcxk*3>P$hbq5|DK%&$*ibpsEhb;p6 zpaUOz+mspXrcV>uNe0DoZnQXK9GhQ)4ZbO5D}>o8Ke599D$*iG4f{36jpEuQ`>{T) za5M->fJ9=VD(PTq`b{Jc8fDKwc&fMh5bz)ReTyA$A`G&DrMQ8in%=r-@9 zyp~`XJFqBxGx$z=<=C(D7p`q9s+8t!wmiDMk_v9j1(_`+_iwP3b3T&Fga_icZgS;j z6qKatRJN;{_Tkv!T^98WtI&nVB`^1&c#ML3ZWQt6DO9T;xBQflLJY$RL1k7D60ZvK zOR3||7{QrEOeUx&F1Lty-{u&M&V&S|=-_rr*zJ}?M*Mlz(MoGy7uMMW_-w+j}&CkFmmV57)1MUT((Rou-e4|u=5rdQ%?##u1 zXGVWa+xo#e8zZD&+Q?Kw1~d6A%VK6d6m$O^(sw6w`sRVKrE5Fj)o!F_QLqXet|{2o zz4XgKFB3hvlMRim^m#h@sJ~}*6I-8xNFkg4voIc+%rx%DKMH2+JZ>mP5{~tR-4KVd zr%*k_XPqEyVx6?@0nugq>pssu;?OG~SZ(a79LpdjM$hR%B@jcL=?V6N+F|l~xmMnB z@EgZ)^Qd6`yM1NN9S2+xN%;_SJ!pgN)B(yL7Zlde32dw8tfaXP7^SmVxQ6vtF*i!n zZIN2(2<9PQjfdgy&wF28y!k6FN!zt`#yuN5 z@rPi%I==~$VjxpmVda5^-1u950%MH6xjgCR4=esz2Tehq7LVIL#Kq0ZqW8P+tlFlB z9EO^~4!60n|tbw zE6+3OU|Y2(qBr(mRc(dbp1AcMegxd_D~Yt381x{Lr3d9JzQnbZ9p( z7c*xgy|$#Iiz@Kf#y70-w1#B}CVBc!Xp9={7$6GtsAR)EP!ED2ZX;MyVlly3U6_9s zgd+c4prd+^JKz-PCTS^$N&a)6lOKbCY(*Ltz@F3x`dYP2kO@1ZsP|Z^5<8n1M;P@N z*{(G`I`k6eS^YMtcbMw45JhWrQDbcK!*KnW_bSSfg83D1M2Uh^13m_pyej0}eCw^` za$f#&+r(EQB_Jz@u0UIc7lBNgFSIB~Zr$NqUn^@6RL|NC(b;@QDkjoAKX>nabo;0u zG#bL8u@L_#9*DC&($J&@XeK5F!Ws4vy$%xI9Wm0?8GUR@4bqAvpyK1Vng0B3!QKO1 z6EsGyzW}f1bO%J@F|XKSO0xE3z}kXM#U}p(Vvo9gL0)TGEBu1Met+f`mc(O?oJDr+ z)tM0tx|~?=(}Q$I;zJL6Q8?jw?@I&9ex*1@@~aV)(~2^hG8}M{k$lx3ohzow88(5R z75QhPh`=Ir|9$uzRB8BNdvBW%1Hz;VzmCZL9_vYYLH|+Y$f2zolIYzmz({(diu|15 zkEWbz{1|u#B9~3Ab%QQ5t8LNYyFx8C_z?VCLz=hhi1Oz=0`%? z3*p|OnU6*3BU5Gkjb^cF`me)sE>F7L-}w+1A(Aw>f35TmP=>}Q?7uoYaIezlZ@||| zq{nrXT)~*X01Pfw7~P?$j!J5`G#=gBG2Msc3q2zo^olW$1k)L7aq=^O^cFI9WWKF? zQ|K0^ctMQdt7O^b6&$Xu4T?X+1WMW3J0_$4(pM_5&|L|Adq{t>g>f(O66%7A>!K_F zJ11FLW27mI%Pp0Fw)($kJ@7h0xCPbx&e^FgR*@CxbFyWzDuy!^tWczrl(xjbLP$Jb z!S7g8?KC2%V-2)8TI`}5R>js;uJL*cl%5b*X3F>r0shBZ{9O1lj9=)D_1mrCqm_FZ z>z!8<7d;9|!C9-=CChAL(&|PZ55)*n$Z)gh+1#MNsWz5+KJX3FK&&umwE2 zeltr9hG25E%UlhmP7Te}U9OkouPj(+Gd36+L9u|wq&F+~@$rs2P3JDM*nATt$}gf| z>mOitiE>6-75KzfL*eX6NJu{w`TPpxV4~J#B$>84un<`b*|q2A^uqoJL_oX0Q$usb zGTDMvapynW#SfTW#Et1&kw{Z(gVuF4BG{kvjt2dL9Lj8rZ2ucG)rbQAN7NS`x97t~nKnQ>oWa|80!YV5rUppA6?bkl9G zZJWyly>*kCjBZX2v{NuTgT&qdT;^@-g#P&iW+owTPQ(vV1Jb&? z81RTSwophaQu&;4yismof2nYn9|0#0Jj5kxl$?>92>G9G>dH6{kQ!+~$a#?G7h#1R z=(&&0ei#o|6HuL0&z7_(g=hmG_C~6%THGgi^>lhO8@I#;tmQ}w5Cy?7u6A#nn68Gy zE#}#W5xn>XOjssv!6dw$d?7VjQhD{V3%!9-;=lYpPpWsKiPHeX}&5a{KH>*9$i8$uaIU}_Q{ z^duaM&dN5&=c@8~O(pbAL)Pcdq~G~)K#iaTqC+D)V`^eE;#a|7z?9G2FiPEUAR9gL zS{P2vOLr9a^Ra9${Mu>r(Rj+VQ3}ll{Gqfds_R2n!@4=HgtENo7*AioI@tn)|?xwX(s$hBD~fx?70FOW59e2sHZiB@#P)H z20T=PzgW1A$H#*XQms-9{-+mrMHDR@GQ0I3zRg?y*{_7Kr9 zns5=Fp&?6r9v1e1?)f;X4Pvk36zF~jXa&=(yb-5~5z{G@U_%!+VojDXeL{Ih%vW~c+JNWeJHivi1K z3k0uj<~h(ciz`|DD$~OlITSGcUx&6#0oF-X8(d?CC=Ge3g$6Q%WLAz@M5sA9BiS;e z9BLjqW!ZCYx=?%Nm&D2SQ*>Ok(neJ^T5P<$wi+i-qq~Ci!E+k``*U08^kaatZ>Wa2wQSJ|n;49edjRL(tY2nW-IL?RY45H6j3ZUt z8KWln{)M28>BW(qZsZyGPj5ouTW6o@H_r_$mqA#UZsA~S?4JbIuyyG=Zm}7+zW{{x z8kc`I^{p1#i&-5<(RDU{Kh{N&@|uv#ntw!w0qfHDL*;`?b1gi2)2OSK~lAxrv6=0XPb!1k`DyGw!78sj--VFZM zHB#rsR*AkFFmTJT9EoiLUi6&(K;^xW;Kq-^4taLi_kfJ~?yZ>Ix&p3g@xIa01HxzL z6HwsGpWM9q1t&Pc2PAU{_>KZ-#-1TXbV=Dt` z@eRfgYJ${=WSRy~9iJXp6FloEu^lfN%MH_NY2`la{j)tSzI?$tZa{NRNIGN_NRkJi z=y#a|RCw76g;!Q>vjIN*6d=k+Wwg<8yN-V=H<e_k7&;YByAWK z^fBHFi6l?1&4O}wsNe-vooadqB3iDv7Qm^v-KV zyAy_N*=R1A@=wwGdt)bC(C zX{QH^@oT(4sgsUP&K_6nQAVh>?_3rTJ8A4dzS4I}k5ZoIv2aIG6 z_>U7&TE2q9c4_#V$B@;kX&CvHv8bvSS4m>se$dDhd%qgiKT8&Xchr>wVrD=AypqYo z?Bfeit$SzPJSsue)+$-ep=T#b*h9V1&zR2C`do+Pzz;w)ob#TFo97n}LJLmnCJ{ql zI3Vk%$R4`omorZI%Qoey=u_kSdPLcHIKTht?A;}8wlK%<@o6HA4vPn0d`?AfI@wJ_ zA3=j^eLMN&<=%3-G#B*{iRoM+A?H+Sw+I_3V;aJE_lE%-!&$w-&AaIY{vHzwXO$lW zAsb?^jhaT!ThCijK6Bg~@~-$l9T#>h=`C1-qjP+TDAwD}{_q2u(hnDjqyqTo7Yp|^{ zi_JJn)g&v#=Jcn}{EY?G;UieM2-&NqN)Z2{Q%?fI`}=(0JNEi-Mm?#TGf2LM6J!1S z2XNy4%o>{@!^BKZ+auEy< zrtE_PyV+A?ZETVJCC>ktL+{bSwGCSlr?P`V?gm?2fWfT<#`K#Omcgb;-2C@e3nRrr zvd|K48h0a1&@CRDp3xYH=i5#PNn4mNh-U+rg?rKXeVg*(Y*DV-5GL;ektLgWzv!x_ z5CY4G!j^5hm)qd7@&w$4gtG05N46N(S?Cvg6p}a=v4(rindZjL64Q+3Ow=j^5ODg9 zDSYgb)gtOKQq`ATH*%xrQ&QoQ@45pwh{bl&S%60>Owv`u3kfE+X)$o%*&c0g#}$ne zMiut9GR56*`Ka{%*^2Z-<0y$~mudclRBde;)LKn8jxzECM+sWx;NUt$%bpmw)DrW( zZdd>S000wL_ztBRX&((!Sh1si;KS4!Sr7Sr*V>R97nVkn%F9+Vv)5A~TdxlWYP5hF zYQ_j0iR)?9ueh`WZck2Vg@GqQ5ki>VMBp=Q%ze=g9r8G2jVsk#H87TqSZoty?SM znqbm>EMNMu{mCucvPM%%@?TFZ>bb3ftQj#2y-U@Kh!wG6_N2su_rtlr5z~Y9*pYH=36Fzlx#=;qZ5=fm!l2NQ4 zUM>ks>`<;zb;xIfPTAKb>(Zw^vbw9v!=FXB^`9M(k)#{@sm2H0FS0rEjSBSM@g)i( zFxzC!{J%wK`9Z(wBOV1=Wp zt`=n*L=r~3sDQN@5VbD~!I)_pE#GO{+gzKCjfG8c&T(BwUhWy;p%P9_DeE}uKhbfs z;Q?Buh3Su{!$yZho${vxv0Q|4TAzJ-@>|L9i9BzW?B`|+Lc2p&iwNET2aD-?j0L$y zFHHIa1^dTABN*9e#vD;JYpQqzH_$nJ`7JK7j zd*C1Dc%`f3*58SR zq@;H%n7Uk*Lwpf=DGOm+49aU`f6RSZC}#^GM7|oxkDm^f_;9b3ABR;gYASKzLuwgW zvQ3k|;d&)PwEKDrt9zE13ipY%zYw5k3LP8upcotfbL`|5DnNfoot{n!6!MFSLOG%!qiKc;4o>?9TGN|ow^Jo7351v3omeWOWB8Rf0-)}(o%VlogA)57x+vZJEAD?GxD z9*8&rzi-z%0vwi7Ui1*Q;v85qEn8Q1^zh?6iTat5Dq(NHU0GeK^|&~to$tQTYMufU z>IZT0)-oV9+iG#%B#tH5*%_irnZ^o!y?$0Lmlksa^nq%?1fw~F%4KcJBR=cRK3hVU ziDZQqg$`^QY3Btq=Sbn(2m8|>al7Z~CvP2WizgANV(!tye$mmC#08&;)cuT&5^i_o zR%V4%c^tWO{``xy`{8pqYm%<6FknAd9k$c&ypY_ha}(3$_oX|=|4qL%sVlw7tYj;^ z7}Z?xa`L{qD6<~8C?hFRL6Tz$sLi< zVnd=tz9P~yCF{m4oeyhI%s;8fY>xFhfc883Sc1yeNHH)9 z&g}aR^N!ouNFQ8^(5cWS2m7EXTG@-a3|gkgwa=au`FEi|Lt{{?5BdfJ3TMkSJlMs~ z@@TF;BZN``#YF{=d^UBs-&e1fEH{r*ypMbuq!N@L_ zQb(d@p~Vsp*I6GH0GN_xj|#B#i{lyQ$n)Hmjkq|SS)Ld0MI>)p>3u``)>8pOI*nZh zkkTnWhZUCDICiEJZjE{woanyLh-{>)StNa;f0P(ZJ%)upJhG&oZw$>Ehb`Gu;e9f1#_qEf&R)?Q76lTPt0 z!iC(H2lyp~XOGfh*oDGvdKmAtA07Hb2iDGVrqY-H&)% z<_Hlc>`~>V#$Gzc9-Z*2`(JaEF8`Ku4fcp;D0Qnrm4S@4#Qj%cffsX^_fHQFvSUy# zX+CVHH$yL;bofA2)Jd!RG(EIYQsKZcMg@FZf*W{;A)cv;VA zI_D76fp$!R+3{h-xS}@gsqcx_sxVWas?Ws@DaB&F=8(d&F;{ze2D!mZd~Hwm8WSqw z!EdeKW#gU6^-N3nI3>+dUUd`OMdW3rhIj;sGl7I8H8KBAxyn|uj>KfZTlEE9bdcqZ z$uedTj0?(0*)UXp|tQeMWZXbwhgHS2ih4B@Y7t-;hv z8lgWO7KC01?h4{FBpL)BHysWhsh9v7)C90jccG7j z`GSXUI<$gL+w3$d$FSZyhYp_g2;h#DFO)JwNY~eDGEevU0$Jilqp2@pX`}7vvz1XB zOeWQ$v+^f!5?0!f>I-{HAKG4 zWKfqyzGS*!6Pcmn*EgGBU;fJ35WRuV zu)^~`6?ijRFjQim2PU_5|*CGW^FOv=fal9-^;5+IZm^7zM$NZT5GXCU41ev`2 z+^~!m?%?Uo@B2}Pu}DpMJM78*b*HmlnA+Tk@~}x8xIvVmRdKxT*V#EyuFe7@J`-Wt zf05f-!0?}}@nGNPex9q$%@dN_xhzqN5ZR%mr~GHB4yxW;9KE75&HY7t3F+29f2TpP zMP{M~*k$!LF}wZ;)2G>CM)Rj^2-TQd|X5WV8 z!;6EqqFIUJD=((50IMXT%ylnh^cW7;{K(Mru$~Q%!tLV19ub%}8;S2;>OTAbCJS2t z96P%L7b@bTz`s0U$Ojo<{*Jc&x`3L{UFc8=EKLd(r!{H$EF*VHfbA1*K3^8U1M$6D zKsQnj%;2)w$*2GT33NFc)Acm^{rL?sB~k4~lzd2WB&L=zSy=kf;KFL)NGq=~gps(l zF3?!JW+sdmnKvfJHW0U|XJhcl2xFh_7GW}bc6`ju!e^~mV7~WywuZxFr}9jke!FP< zSGvQrEW7^oJ^?x+iSF^3RPX2(&bYphhgX|jPsr%&{EUYuyVFK2%4C*nd}Q=S{cyDE zz_%+A`Lkx)gB=WNl7A_-^Qr-+iR>ujv~u>$o191^?DB|_H}{`RedoDqmv;X@YSKznK^%GXf6z{v`mT|>wYn&i(^)_7+HhM*zmU)LNEKFv?l#V8BR?@_9y_m z`)9uGA8t!*qja-vc+23uMP)#bpTAwXgFy6@S%m*<%-o0rvc1T%IvHexDShW`FQ||f zdis3%Erum9{sXx^1XQtnE&0_{y4AH?mklRegaJu1p2g_eC_M}<#J&eC(TXHsXy~|A zwdmR_(yfmZ8zeGKZ+=f10D52i+~#qj^S)X*ie^E#_p&)Rm4EfKvcG?B>xYK>wEhk; zSIg6ytO+(Du2*0~j!Jv{36qc3uWiEKfT294b8hmC3}BfbVVb^w+!Y7K(lTd>GA^Ib z1$7BFlV|z1=)CnEV|PD*fOVNi45?@Qc|V&TK%oEMYg9a(JYKf9wc{$MQDNE>3zVY zlMw?JzAf^b1L6F+fUk!v$F$FV_9G4)a+rsw-H$`@OY%M3kuhCl!GT~O!r*0zI4~U# z1qT1XDF&IY-O{hayoYDULBWmRqnDTI{Ml^Flk+)a1N&P#qX5GE@08jS*6=gumiGF2 zo$0`_!fyPg=cDu3U*#vMqPm$$P+Wl<1T%VhrFEd!U_R=_SX@5>y!Rs|L5P>2s#Rg& z^g-r+>bU&#<|;BbK3T%5@Lzv5Ae*`_#Ml0KDddO@+fm!~-2Xp3whm_s*A{ddSfJ*C zD93jGcQ60ipQ>M4IlOikJq-2O5~#%;ai zkTg{Y8Y_u3q}Ut~m?~mqXQvW)1IS6PT8a&+x)_*gRtb16EBB!RFT$)oKePbHC`vT0 zlAt~Cg$^gObB9Ww< z_I}+QyE25aC=54O)ROWY5%LZ$J__DH<%7cv^5Ty)e7}#LcVHytKJuUijm7 zE-Awa2KZW#HFDgKM;=MyPJ@&AfsO6v*@-3=ut#$)>>Ay317b##?crgb2)c}zi)&Ro z7=wlECrGqp=PUmH{}3#z z1Y7VGD}*GM_SL@|Q_s*(!0>Hs+>C$}!hO3k94m?%cmBhHJnqk_^ca`dOr$YN*+`?~ z_H5UfJxr2knL|sb(R!9wU5Qi_l1ID*c=AH;HDeu^ws}pnEJS4Ny(!rplxDwphfpqa zQ0qGIBdND^SNvVA>p0JT30{nF4ca(72Xy1ZbP@voRb!7zJjX@I2{)g8jzab3px#uH zNRf$@_C%Y|)DWb?ubDS7K^EGXbiPAI1|~Z}8BqZmkM8S8S)k>jaA)1*k7dDdG5~w_ zF&R9{;7+g<2!p?lXf&hLO)Vta42(j&G1H`F9lN|$^cnaA=9$5#M2HWzA8vVqKdj030ZX8Hm~vG&)`KEIgHgHZxTxMuH_#qc>t2316A%XLXe z(n1q%`B(`QOPEH*xICG4m^mz!k6BS_f10^yPvKZINqljFC2kFTh%&Y!_%ETe3^nCa zY?tag0`AFI^0uSO6gj@PcP~nh_P!a7orl!xuzH=TODKy6zz%N*r+IgH?9^hhqtiPb zhIIkV_$j}^4=%>ZOEnyBu8C*Oq2dDK#RIVGfVtl%P{SPx%aV$hO)B7#dDAMr9-Bd6 zr~+VW1zLI$Ya?4dHNCFScbxM7cvyD?unQaa5Axhuw;U<3+S!LlR|Hm18A2{e#|Vk| ztRQR}M@olJD;ezV7IZbq#c<(ViudiEud}6$==F)soUl$3AC~hca8Ju^nr=Zv(W=U& z#uet2dVx5-C^wm|2{U_p;*< z^`CeTVr>K@_=4)I2C|Wi*n{a-fMvO4HpT>1HHmM$8HC|%G^wN8uBKx>GrShvxUrEw z_0IF5DFmz^s2$z}O}>>#+O1>Y=r<@-O9ZE%i*<;OG+KYw9!Q!0-Ui2hVC$a0h0M!6 zt-P?>a?2W%u_s?q{OIc?p7Ru5C%6B1g34!=v51&ReAQBaIWr+$_(8OpycT7#51LP? zA)SQUxVaFwVT1@Y_|lF#82{t$jO7Bh*c$nEBNpg{ljHH^Rp6ETO8cIy(4LVW82tT8 zdioyD?z2|u=mTnbh&FCOOsR4>2(&3J-c)@mWm^z~DVtj5$83k+D3_@P)qq${;6KJ( zAK>eQ2M@p&;%`pG<4q=QF!9eS(j=x+WNH7cf=A1M#Gy0b4EGYq(1p*|dA?q&yG^~W-T2x;%= z?|=er2OBpxLFg=E<4$43MPDUOHv-mbnuT&dJuyA^t#cR~SJSP)bnbplaq_`;*^q57 zPYz@EvqnvYYdP?cHwRuUg6y@{68vcTJ@o>uz7L;P^CK4pKgV-L{?zF{8z6~guGEsW zMn(@Y`gAPFLfcmLIs}~=ELQWs?H3a)6fPq4VwrfUCgY%P4l0kpk3rpeKMA*YZ9##3 zA*ASPx9vNM#6i#P=xd9+PqoNafW^;Hsr;Ig?0s^9uDPiufw!a*WJN?sZ* zT!G|Lo=9*%Cz-FVi2Ui#PmUP$dw-Uv)ax)Gso??JA&`0vYdfe^PEyxRTo*%Kt=%n^ z$LrAR5dHuRHv*nji_E65dwU^#kylG19B0`~H+r_sc?`7(zEz;+3IP&E#m_VCIVPUIUe40E8=Tp9JCoT*J&%Qgz1t`*pK z`7YNS=B%aJWuJ9hH11joFEfBzjFzUgPvxYjAz|wDW%fbZ)enTPoye%qePm*0OeH)$(Hf`~*kB zLeNTa+P}R<3H(jFwy?pC^V>(3xzg=__|d~|v`q5H&H-DC{}>n4>Lt?S1P+VhH>HYv z*C<*o+?C0@b0hl5H45omtm&R$_O`+J*3L>=XSqAW#Zw3$L@v0oha<`QSRfYBfzKP{yUwLxZ; zW2R8Fj`SA*K!9b;I0~r7K>Xzu9cdT|)QD8{ycf$ZY!2!jjzF$>s^vim?>X(V*#g@oqtkccAG zCUApYS}Ziy^a+^T_DhYgk32}gcWFTa38z2=7fvRSiddP=B#06=$Q$||J0zI&i8JD( z0VlEOqj?&e_{VLL@*k2eX2*^|<4+mknxD9VB}?N$EdAa{<6DdM%gVuK=F8OU%8wZR z8}+pS_P8CM`HE@2XS7uw$22G!Iu?wdYcf_G>sWs!A3KZIv5$*5#_4oEkpQrW9vsLP zxL&--MsGrej2qsBf~~~_YHWv^Gh`FUwK~8H-9tz-+oxUmyLhe*(0t}4ZDI48 zZ41Q?ybo}}HuZ;d-3n;Ai(Zd~JZuuThDcxA$k~;G=AIB{q9}+pX0u>nMET$x=yvBn z(qWdVUaRO#VOM^avN+CP0nwP4-f6A=Ph^^^@D5S|fA>xmY#DdsuzI-{Zov>Is1U^^ z<=EK&xu%!PTdih`Q8jIv0rTD2z_$Vf;q+1&HW7w2_;+>RtvWhBiD%?5yQ$|o z9u4aUExG*#8Cu(xBvncuF`0pSXZkMUo_}?$zR6juD4wXivAIX8PN9Ku+BrM=-tPkS zFIK+Xo@WKNWam#v)C61sUAV5H$^XOqNf9?!rK-4HGm3m1hPU%Lo)@@;$Jp?y)rSXk zJY>M=x6Qi%Ex`2!i-+Bh%i#GnpW}&AK$AsFqy;8!qV5Y(4+1&l__={6{~(`yr=9^G zmk&LZ@QiB5mHh#~`KMQD_d8=UyLPA0c+x_V_j-YudeLf2C=avBv0i*YLwRmxHYz4vPYjbb0gQb??N&lfvxwG z`J!>T`1Uw@vvE67erSPuPazSmFWLXxS{w;cmX~($@?WvdAlw8Vs-?dzqMh1E3)2VW zBMib)vo;E$mw8PZ%qs2K++dN}{MO*1DvhDE(*VOHoR%+N*me~ z9hQ42zNloBD@UOCq)V1z!>%z-ZMK`Gjd5X0e7G=pRoFae0;T-2T7SI-v-rtpyioft zVSOv7b?wz~eZ*X4$Q;5`r@DQBI02cyO(0B0Q-u`DJ6`Mm%7{)kcI(6xJ4MZ2sv6nV zf8Hdi=kw>O;z4$w9F1E61=quoo%0{es}j@mkMYr|MC8Y`1ZPA&L)S^-zi^yQIyUFn z;av^dJi}<2=rNqttp--*dVQ>lyhKqCB`HvbF8-z=lI-mqj;UYG(o+O;$bwgIL3_g+ zNllUXX2!A=iy53`?O-t!6%k*@eqCmqU+UT$Um*^)aOy+*qo+rY9#*ze&N!8)lM*tF zCMAPq4vM0RiqBRM_RbYf@{HjsY;m^Gv~mf|pY}LFX6JvOnSD3ZW|AR#(%`;4{0GZc zjW0Fm`U#$P3dVny=gWpRE9PY(oK7J;YpSkM6IXLoNbC95nd{H%8YcMXuf|D;gfHIW zq-~{zkO&V@_-&)(Zahn|;QEG*>au9|oNe@qW`!2 z8{K0;wEy5HfH5e@5ST868D}1H6hSOxxaW);)^66P@i4^tuM-<^b+Xo_Z5tfe)fMnC zXI6FbvO*xB{_5TJ;FKNe0nyMBE;io5)7hmWq&-QB1dj?~QHpqwj48bAcMcbV@+O3G zu0*w`RUA`|1W0*B#xuGALX&9>Yyy9D+wsfsF!K@a1lY+rxOoupgwd{w!5F1t_k20# zGAAFmZ@A_HiTyKK@$2LI$})hxNWB&$_hDIbrF{=oL$Z)aV0oeMnt1!KvRZ)8oJOW2 z+pfp?J`1YqUZ7}aogV!OU@owh4WGKmJ8ACD!;DbKJiiP+^}a1uFyoiA9U?MeGovLm zH>(XvYOq98kSpG{&h!-2dYyokY8O=25Qy-a6O= z&*F%(r>)(qWmJkxL7jw{6ck5^Q6OX*JV1S$Q4oNs0CeU>V_Km>#CPsyJUBL3K;v5z z@oQtzO{uY2#(Q#k9ST~gu_;Nm-44ceeo`+)HO$wc)OlwkhsBZ33Ces*8*gFAmMXv# zfT*Qq{2}orSqZaE-$L^e%uMiZ6}(>QL;nj7287ut};v=a+jZ6^L=k3h3YU{k1R&XTt7DjjbS>jqFcJkN=|?x{oq*Lc?#Ky&&4yDD?>`}>s-rkol5zv2Eq@@I1T|a9Yu}H;P@W}sbAFW z@l|7xX)^j}TeKw++!%6a*rGd$(3tV(+qw8O|MD&bX%hZ#AMSw%aZo5Z#PKkIwErZ&=c@hP zbNbTE8&QRpHcHxUZX)NMvHTIp=RBF>e_vOfq(-1R)&9@im(N2^j^uvpdv9D?Eb8)y zuFYq$!#%j?(W4>t;nLGg@Z;r3Zj@R#*sbf_4pP?KFByaYt9(YhHh*R)(E(ELjM-igps9ZZNOVv&l*py`$8_R7oiv33B}rf&;p`yk}Fn`HMj4 zY}G2`8t?`ON3;aV9+F$;EB#{SI+v zN!Ano)1E`A-n@m!Xr%9A0#{c*&+P^wnXx#0_{h_jDUOeW<9M7T1Oar_C+2LXl9#CQ z(SIyJ0*5Kt4iBZNXys)4ZpYib#x47hU~6>kkOLF9l^x}E`x)}L#|T#+`ef%QWOYf| zDO&Ns)*%mMRjXTCo}Nqy^1?gkz>h&F)72S*p!SE z(K61FW9{?Y!Vi9Zs`oAlx7*RHfOm0|$Wm@7Tbw%tdL0;dgRgjR(R9O?Ug=zNNSNr* zt>5y3-_8-6ot6s-^R~v)v7>kbJPLXjFsKXJV7Gfp_mp-Q16oaBVI8Z!!2aY<{^eMT zwdTq!IJgzw+`YD>fop~PY)LXj$_I>NaPcP*EyfVa%o)^RggvB%D+rVXaeRsG%~{ua z-gh+MdLF`$*s1@60FJ5Zne5Z}7_#-x#~LBFjA=c9QWUkbf;4(o@X1$sF+#FDBS$<* zFzWd$!N4SYuyKC^yk;+;E8nbv(89!*Km8pSi?FV!^e&fm`B;e&vr+$fjLr#1IW?tV z+*T)$9$R!2^TlTM8s@A@gGj7`a?{!oC&FkxzxgS;eYqNDt;BwMXa1Yt;p3*H1Mx}> zaKrk+_9hrN=qS$e!Vp~0OCr~s9%&rPaUTFJeGhX^mU^5#a&6IpU<0n+Kju+`1=qbX6toa2 zPPUOd0+0lV76E$Br8(MPbj_JB5Y6-Z(*GWKwi3%joD~A%Vuj@vi zWehoPb2=2)55OWOd}T^O#;yTtYkzYVLm{KD@bTATBI6|PbzZb@=~p>b7$Jj}(6`{A z@_)RK7UB||*cR3g3RYbutt{iG5vtTqX@u!3WLL(QsLIbLZOQnB?NEW2%~ zB$tDA67&l0x^sb!ZsC$bprUC80_S;Ir74Z@YM{jjypD}&IXlXzu;SG?;R1^lLY}&2 zoWmN&ml^&5Ag9qs`gU3)w7TPt2OYWxYVFdk9h|OZW9kk!_Vv_Mv60E9annvi$}ZO@ z!R9?fJFTgzJfBIq0CoZ_$Pb-)ak;`BSAu*P^m1kaxy{)FA;(+_7!MaBR_9&gVirXC zLh>mAU@fI3WVDF2z6dZ*Q1LvrA(DDlm(zrP7~7#kiW$ zPZxi20GG0&(?hAb@@q>5K0c(-5X1OSbFy|vi2rWyazDJD_u4q~!Du{M>O+nAln(S# z0QCoaACg^ejfHYVeiTP4RdPcf@8+KAK@V_nQYJ!aUI#Iu#+443y}%?4gOedXc^jr@ zs9x79_b938z)?f}1{d_kg4Ut=5TJ^~pg%7F9R zJH$>lTTUIAB_?vv`en|s4)&M1y<=##5(I7&c#I8HS<$`+jlbdeonO?3ux+p^`^6(_ z@;?c9++&x19qq-;+l=~D2t>5JMv`h;Gk*^tg2p`7g(QOESsx)p=1RE*EA4M{c8(D* zkGmCLol&cv!ZKI=LI|H#2>wzb$t>88thzidBos<{n3_E5-)SXXxW^4jka(49vBm($ zYZ31<7fvizz(XW;`5pWXsEwkV3l?D2veZnEyz^oF23_;(yf-)-zBwe&ZeBV|25_y*6XZuasH&9YgzAf{*=7)(?5yF z)^8*-&7+oG0Drs3n3aWwJR}+wR6$>NWFQnZ6Fx530sQx5JdKY?Vaq8D*vq{X98;QV3l=_Mv2rpk zA~N3?(AT){riDyBYU%EAte;}KyH)~%oyWm9BI_BI zPAp{fOvusN9$g~I_(rb$B!O=Mp^fw<)|}O`UJ;*m!<>?I!hvFiZzD8opXl-NoFe=o z;0CcHlnoTP9UYr1qzK&xn|wEO(YfK#NUU;0${R^QE)}*~Kv}&{X>}ilUcKC(wyg!J zSk9&6Btp^y}PZNTyS4#R`$ zE4%qfU{{RR8;Se%nYGi#d$z=Z(|6v9#gPO9?(l$8EE zuqTZWm`)t>mFqrRI`wZzKVN-@T;1+yq_A2;jVZe5l18(#2pAj&8mTRc|vhy+SOf&p!7zf}V2 z&O)0&FH$b|32dk>ra~&*)GdjY)9ljBHX*^U&CDB*bjhH3@^)lRKs_2=f6HZ8S|szY z@eOMH6GWF#BKqo0o|7eX2WnuQrO@=D^+FV`t%sB;-brFg>n9MX!31UkbSZj-!^REO@UbNn5rSeInhQ{aWeJ))5M-gioHoZW{<>U|- z6A-RDa;&YN8s*JIUd%S3|3frq>I`l)7FGF;3oqh$%jM|FWcUEC-2Cbn5;I1lLHFct zq6;53--Zsa5+XYca5ahi@}+P$)m_a7G=L5epuVkXj1&vgCAfUpV%0Dy`;$wm*m?DLZ-`UjGbd*YIwsQ>qmfPSuN^Z>T<0lXl%9Cxy_Ua>5Bm5od5kM)&iD3%ATNXKsG$s5wVKpS%P7W zlTvLo7|DZ8CgikUE_-wpfSF%c8w#7rO~;vUyca+Q;bIVH+{3F9OrL4jhLM$$=}jLP zBaq-j`1JtAM7$<=n+d!FE{VEg8J;#;_(&F_vfR1UB#6^@=j`8bB$wUm2V5!&+jnvp z9aBtCuUXZpGZT1y?l*w-ZbR>Ka_HIAHj8@?32fcB{<`hrcqn4)w?x{S@9w| zGgWD5-1|8DEgYYkJ)tG^VMjnY$(PGTGdiF*6$xBkex-gyv!z7dK-TbFPQ2`OUU_gB zN(XLA>raRZ5{1kpY0$|)Q5(Wgjm^Wp&186t^@wu#lT>FjKPUM+Br{9ggn6q{Q4CY;B) z#)+}6F$^^-Rw*uIEgTmhEXVGPk5_aj;Y~ z5aZ-WzgYAg_6Fb$*A4%^G0=bEi5LR1oGz$iJvVk?x%0dUxrq0?D^WDa({62Y4VAUQ z&_TGP6zK}MX-*DSSkfsYmdHiFTfgO5gb?+draMtL8A?QL!MtZTvhk8S?X`v6*MRb( zF%!y@T%IRbxeKE6EV@*|F2~?u?*aW7Ur!$kel^MPV?5T809qcMg>txlgSYc|23;@s zohNL-iRdsm?R|A#M0x9+q{U3g*9grSB{6|pL4g23(C6CoGY;S}UV-T)zq-eFa@Z_4 zznQ|h35|DWds$B@Xj)6Ny@6c>BONWiRk|h|m@HDwx4~$OS|aV7${KHZ)*E&gBzR)I z7n&^XKd(D1U-PAdM-q-?qAtIS#a8 zaFvp!{rEogp;f9AwpT6Q5$Qinn_mDD`-%R1b<1;Q5kxba<%N+xZw8IXe=MnB5erD3 zM=U>P<4wTFf7TN@cd1AXRXN0x;O~wWl=Uso%Y;Hni%tvbLxfa zudM-v(x`eEVpiD(RD$dKkYh0D1c_C9g>UTJ(1XsQM*b8T0g`UIZD9z=-cR?3!4 z^Kxv)b|5~NT)w!&zbW3t-x^+HP3)hXatQNg$IS?;X$TzV#KI-7S672qb~w@?dZaaD z%M!tPDvrzzO2`boW$JEXyw;jO1i{P{T81_Ot3Z_Z@6mJMLUtX;Ch&p0xcfuL(|bo@ zk4f`G5CcH^dh7La1HVRzvNdj{gVmAXqCmd*b|}{uJmAEPxJwKGbV!27w{S~`CJz+J zfZOtb=nfY1FWqL!UcrZ1Pqo1|DgA`J%r0>X)bp!>6tQ-s5XuiBf2bw@8%=vX5z)X( z4;uVmMeGid=O8+NR%Qth=L8qWE{o36cb@Pn14ks_I5>^hW~LtUx(1em=C#pS_cK#! z4$mzdT{CzJSE}d|=JS+OMA%E>(5)nQ^BVZ@;+zYSV223!+#R1PFj8u~LmbJRFNV+q zIjuStHdHeEE?`qrdxj)a;#mC~H#6b$mN5f)i1lJHg@%F^#te&+<}8-+ePP(Q#6y2G zRXP51;Tnh?Z(3Dc0vn7LYctwhNTf}V1e?mDgenilWjBw1|04qS$zj(LfnO1L;8iZ}&5g5_7>%PO#qOjLb^w`O0!_^(7 z7IR{;za&BEegBTx=3_=`<8%#a#kFo}LhJ0kD1L3(4>EbKg)s-a)J$m;`71R{$I z*NsQtP^{3ga5unqG2Xw;W3?4L0|MX3S0@wh;%)CPNM*^2kG!%)yeHRNk)qPQ_G3g* z{|2dVBaY=Ws(SkaY%S+ZRi)UzR?EIT$!cF9w_6G7Ke+%AR%7ejspjH;xgPwA1c9uh z*e))$&G6Ei=bm#0>8US^1pQCT`>8Z|bW|ydR#A=yYGrxR@*p-5VA{RKxCI8S-RmM= z@SeR4;MR(;{z}1(mPh?)f?hJoz3c%1li)Aqh(Zd$Jt>NnbFUEtp|OR?B(_u|sh5m8 z#Ht2w+--oB&uY$Ht_9VbEYNoYWYI8+>-q+*Dd4mr7LZpVvfk_>>3K1|zR(e|A%+SG zBHQpAVszLX(T@nJ985x3*|1i-Kqx*Zs_23OyiRWe5Ex#vK2)!~`QakDJ_XJi!p@{7 zRpetN9%OpD+s#|pS?<1Xu(-W_;QKOUvPy416O%q`QHTL=_AoqR2ibMp+Ok=?>dqa7 zq!}q0lh@{LgZEi84OYkaiknJVzJ#e#q*lL8v8C9 zp>(P&iVCofeV+WpMRu8pyW2Rio^o%2{#YilPH8Ix2EX;2<6ILka*g`RI7>M03>cyO z7b$4f>qgbxUsGI;XMX;m6D|%upq%kM#d z(=*wRnz7dsJEXZxwS0(4wC@SIik^*3e9J`%+a&)lCaz?&h_l*^ph+cYt4uW_)p3L{ z(97VQzLdI_{&qPz8d@b<-s&~l3iEX(R~CPcsSK&Pt*pZ#Q;48#+y~HykfhjJFzGRBcggx*^1E#ziOqquWfD zs23$+w}G8?LF$}K)t9KQkMB!ah6~Hzg@38-2ygF(k1bP9Ed<_;7B=Q#fJlD*Pz8qi zq!~A!@xK!mvKIBSSeE!gXglvQ899bHrO7`ygURGT{EPwv;@8?NUm;@?(v1!^bE zG!DjkS05WEN(fY6b?72HXkB!}0U)o}fVa_B79}BXQz#LyLq+ivWzFiWnYiWuT?{CX znx^{olia?xM9gq@i7i@pZ8s!`D;~(98p5mc3_LM|wQPN`c97KUjB6Y<`nj)P+i+EQ z<6FkSIj=corOEQjFdUAiO3Gts{Mi1esC@>eZTo)N5#(s&OTe8}KHK~=UI_?kUuq6s zZu=U9nN7`{Q-tD-ycZ@r_>uqsD!n+r%Fy9YiG^8CS5E284fW%-Z{|P`$*TSu!M%zW zaW?F>4@{C}HBIPS_htnIZ;``?yX|?~(Z^d%R!;~eUMDXb){M6^meslrKyEY9tU&O($QgcQQ?WjRJgTE9Y)g7 z1BDFoZ<*kh(61II9tmFmPzr$*(@X}%6-)x&=mPv4{6^XG%{kLXX73NTB&=L%Nx$@> z4M^M1JcF7>{TFbCD$9A*Pfa5v8jwh+-B0lFQ!nugsuy+ccrP5f+!h&+Wn{fU^o|+9KW~Z2_VFu5kCw$# zKm8RqJ>*(u#QOrwmLg=WWlp~*B*=1&sD^`_lPd&ibT?p4fVFa+y> z)%D~a@lfLDDMlAbRAjDdJm;#DjXIv=38jCeiZs|!AuJX}DJm6yirL_uW%x;H-Oh$J z=IRsBVjs&(Jb3i+d5U%hgBT6-haYr|h~0)AHVx0}2h>gQ`oiIhWW2glIk*8hCh{w@ zH0%-WT*#aEZ&pa}@1TBY<`d-tK2eZdg*6H5a3|ASE-EqTg@j1*sQd&GFoTj^=~g?) zC{~bOBjKJSEJfv;&iVD>r z4aL2tZb!6}vr0*r==dJ2#p>W*`1;SV)`l!n?HoX7(+`odOr|rTnki|=H9QE>;sD~; zS$K0U(mez?P9*VTNJyxwFar%z&V@7k^fL&i;H}4;PEOwoQsnG<1#7`u!b9w%W2U$e zlT?W&8zCiVI8zH59d)cPiO`+esQ<*N-rqo^V_n(;m1iGPdd0Z8ZTOs;&mF?;gnrK$ zx`KaCPDcB&X{}4wpyfo4&r?y`z-YAivI8YGoq`uaV^XBNx(ghLu!5iX_G_$9_3dcs z@)z{4d=*8*)YgsYiZml>YmK_q+Zv~v|Fi<(1Vk)~VnD|Q(xItKG_Ds>v1kH2ond}| zCcZA&&&6y69Prgimj;m)W?Jjz5U#QAI&TLP)G9{MKTpU3@4wo%Sh6uT-m9-tsRjtR zecLunknX_qrD8Qnu!I1>{V zbb#QS6j=uoTlYV@m&u@({f)8|p{w+a zSp?ETRhhQZIyI)3s%*Iqjo35GusEc~3Q%aLNK1-q+Xx|mR9R>SIg|`i$)-j`;Gr^K zYnZLy{2p=xfCw4pYnUb~eyrI=k?a%&4#>966wSXB_SzjCjHG{V@OuhQl)0bTl5~sD znT?`ZZm^?Aw|)$!S5R4VD>BHw1CfwwA2mVABtn>`01O*$xZ~KvoxTin>IaKO==ND} zyH>lrXMuO_-hdwv*0`q2B@BS76Zqotfo8O*ZzHwbMx@0}&S6=6xG>?8X!x^x*m))v zaIo{~>r}tvO&7ek0=^c>?;aqrj=}WNi{NB^W9PH=SvSK}+4`hdFa$Q6W+fVr8wA^aoz!Ipb^kD=DR z5^INXr)gL-c#DC|P1|jV_OcL-s;q?Wn1m$HKJ2U2NxfI$RNyZ9IE5rdZLKAmx@1L8 z^RASjIhh=Yd*C-e$+}rJ;kxf7rScrdc*15CFnahDnL22u9xAI)`(-oNeI-u)DcuS) zMl1uuXi9QTat9HcsH(?NuxUsDld~YJH&pZyL}+U2j~L8`0?7CuzJO)urn1CDQ-j~# zuLhpa75eTb{imheo9YOoxUf<(9Lr>UFokn|qsn)%(iaQ;?0u|4U@~GzvrS0Zfz9K&p0N{! z%?1pe=Y2SPHzaaSvhVJm_dtFOW1R?-NEb=3(-MWw#8w@Yf+owyP&U+OQmo%nklun1 z8*#hWW|jf^kH2IRn!9QM4(8&ek&(z}q_USsSkRL;x{xFoD{mi%)*mKehXJ@G(I zZNi3sjl`BG2*hd~h}ttK?X*DWH(wd0CqadJVwU7ste(qzXC}C~A1x=hV7@R>eD=4b zPt00VbW?PU>HlXK1k=~Mearz-aC~cm3z~{g+1m?OVv{*D1Q0PV{yN9^{!^j`_bb@G z6W(!3=UPpZN@4(z_CTSzpB4yzI#9hT#yfOQ=^KT*t_XvJ_OuL72a406sO$%N|E`XE zS`ulCjB~Z`NT{SdPQez05IwVK!Q~UwH+Xs4%ztyb^?j(=p^u&oUkkzH=eU?dLm_Hw z^45Z`z4nk;o^p|vOF5U5HgMDdcMgNOzG<3w{^nRMqg;4Bbr1dbuNBtKKxcH+9@YPH zIa~6kQzPfJ8sJncW-hEwri1Tkuko54L5)b~`;`Uc@ z%R38z2VGo4!?8So^hZ<_>_`*m^_Wpok*t>PR&`M-VEZ3km+3($Ot(>*GJX~6Z;DX!nm2^JHMCgkX%vI6WUiH*-8zFKtwN|L&C$e5+|(8A)k)Piv?tCk;&DuV(IPB)Cqxg_|=v z`lp)KpV?2#Rh@Q69u zfXdX$%Y-pQnl6xo#Ew2=!<6+N=gnq+SgT!LbWnVz6Ep#_w9YMUgfa32x)bErEYW>k zy_As8Q@AE&-Xc$gBTw77+W#9dBdJLRnGLI{WD6UbZ2*)&d?UiW2IBonth#T#e?(1! zPTIa54r6l+#}mafy+Bm2qCljatgbAIbZ1gf;!9A_^mEh%7`gUtp&{kvIq_F6>q&Yc zY|}38nV#mp0t$goULSfqyQnl(9O(atD?79^U5%gnsFn>TbUIP<*(0=O<;%ajPO*N@ zFhiPushLo*bH0WN9oz;ZL;0jf)b4qLL1(_b{Nsjo1`9>)=CD3mgrXSWIfP|FR@#=X zy<}9O4wChuxp!nJ^}qTz(BM4O3hKaHtc;E+ln(@FBQJcAW+&&iMl6yVr=y^kliltJ zP@~RUv{~9?oaK_00=w@6s>71h7&?XO(~&u^H720hsXL2RqgWBe6nXOArUsnUgea7T zwv+JgOYM?{Hj6eR{W^+`*ej67QcF<$@Cyk!@`1v-dVF3wKdXReSaMg1c9lNMVS4Y> zw0yez=Xq}@2(sy4W^Vo+`J@AA0x%jHrq>p@gZp*^F2oA9(u14Tt^sJqc|r6o>o}V9 zE({SnxxLAzeS>xO-|lXr%1c3aUamA<}(N}IJI+CAN5kT7|X-yuBPXAuKF-%IcY9x9}2MnxjH$I(h4Gd zlp=Q|)!T~MK^|fb)2N$1Mf9iW1caJ>N;Di9E3(|d(4HN4DyTMGR;| zIJ(^ZRq)2-uW;XLAb1^)1DVo`ZU(#@Fmxku7HY<=Q}^?;nXLGmqh?mE!25p=Z6F@@ zE8Hv(idWfermV@#gNWJx1|`88=jd`}c$Xr%x$Conho4fYAMH>9rZA@Wy>Yohgzcoc zu0I({90(;86GU=$SY(ec5pFPTH0Q;eiZ(=?sevuksU1`exI%d> zttY*k>3%y}$f_CkC)IvDN=|Fa+W~$@CcBXz>vs)5TORuKUrZPm)!zyXf12;gbF*mT zi`v&s+^lrqNY^qfG_rwB_Jau_lW*?}Ewqn%W~w&!cF>5cO&6#)OrlqIw{t3J?%93F6Edr?`R|4gfoVn?l5tT-G{+Y2}jnRRD+qjvvjL$ZezsC@UAh$c+ z$TM>=!KGW@Ygg$I)PxZ_ZO?L(eR_=nD>TN4b@j#WW$glCM<@m><{jL|P=se`Wzy{5 zXBHbs%p6wXBe1MGQiYYd8E72Tc8<;k|6$WsKmQ0f15c`a7^~2!zLc1Opm03i) ze6lbn#WichYsWk85etP5oS;pP`8INlsM~yr};3h^YmlPR0u(BfXvBI|(17qK^ z9wfq4WR@GJ?@M3n$KQf7JsqV~oMpiQ(Vx8idOs48ZKiRzMZFQ) zIXN+tzbjCH^j8ex2o(-#A&dKC%Xn&^rv8sD05CEcdn0Ns@Ewu|LG9+(G97u$K8 za7mUj7RMlM#||?7v~z!!Gt(1!;~tjJ9p*|42Hv2q3-PEh7r$(!%d8E>t|K1nK>)j0 z68A*Vvs9{sCQ%sPr?+jq3sRyAbQ^V6J4_W%qHw_9h_3L4ZaCb{GIv;D+M@q7e1|}n zxyRO?Yj&lU2h?_fj|bHRFM)~g#2TWqWRk{>3a)2xFX7}qk7yFmEIjgesPkvP=`;_#Ek2E@17ErrmNlc>(NE61kA$AM zFVs2G9UDu`GLOr%UE(l8oWkQ8M}T-Q;8CtssfuRt$CGWMUFEIlP{Lur%d=~hJiO_P z36w2);9M!nNI)vAf01YgQcTxmSxxV{U!I7;YYuJ`O-LObGR=uKjkT4>^BM{;#ggAI z{m~lQUAk{Yz;hIX1Nt`1CWEyLLsAmpMBUSdsNl(7{64lhVk0D+droUUh^4x+o#ikI zR1x8&TCz8Hr9-6WkoPWCQ|^X)258e+g&R|OLQJVb9>s3vdd*JPC3DN=xO&||nQs%N z+PXFyrxjeEbNcTdDYX!27&{dW`cJtxF#jv)vn-{8eaoubK+(A`$eTXP4wte;;lC?w=v9eqn{eG!am zpe>`m%|GfDo!J`Fog&P~2{9vN`(19{BuD!ZX)`7Mp2{*=vAMst2*OV1F^>R`n*Ez( zt5aS}+#sl7$0s3W$-sb*_3l>8`9foyRMnor&DAgA9+LB6 z!K$>q3-P!h%<}DKiB<-lh9{R2st06J+~XJZHxiL@ zAxEJTmEXZVTtcbMz3hMh!z`690o7PpnIqXsGRU2eZTuD3@|hE5w6tW; zx#COy-z8nU5`j=1ckDiJq9@U%f4@R2@%+{~MH>3Ty((Oe7@So^UMAzxe~H1XT=cMu zCOVdKnFhJ+lu1shYQ2P8-xfJQ{5YNLZr3U#eu&eDZCSrCT6x;_V43NeuVX1hjS!DE z>fw@*sc@@+&+<#~?1Iz0Yf0~+9D+@6KADKErmV3F1w}Db^i10UN$$;xy?=I@S&La% zt+))R@0JNw7RG*#*P$;n?s+z>m9Nn(zegSlA$r+v+|7vN$rfwh<-h|Wc$0{zI)bz) zT2kFDUcmCDb33Kk^1AlG;kpcPa!W@$S+D7)0ZAr@QrmA=`3RT{fB{iyU*zwtY)(lA z^WR(PBueZ~z77$nG^AtHR4J$51dfpJeKL8{a!g34Umnr%{+U6rI`uSy_|Ov{UA$$4%E|?J~nhG-AQ0Ssz@BMAbRm_uy5DXJO{g1}Oq5-Q%+E3H_O^Yt zEG;+i%p|prFm5P7DG^briaQ3v_7&q~0jdF&`+XDoP_2~bV-;erXRIb+@feO*b%~hQ zI&xb;Yw&7$vnEl!0Jvk|MvLEXE8MoWWga7S(nfoUV%q}7pPnZj;e6lBNQ6HXlSHrX zKetJ!=NKUA`Tk-eFVW+Lpj>=Ya_1K%r}1?%4^?75Rb{Bb)$Gn-0#wQ_F}uTnLyKPe z!BOJi<;6i521MdCAy*sI{!jdecaLXER^7gdYk9k{V&9tB6|R&w>(wl@g_^quwt!JZ z^>x%A`Gf=s_s+Jq$vjxDL!H4qd#isbw#DtE`h2-vN4*wO5pV1fjJ$DfKr8E~} z$}FicOMeq(GJ~gn8)Djx<0P$fJ&UbCGrBY0`9>t;N*w#5sbiBjL4 zOtYb4AsmrIMC0%}sf;WN`*sVoO+5^l0Xc$eCfQS~L~wPvw)!s4j?n+ALi`GMY%o+f z?YtdsPB>WDNh}#%nCz;jA2Bl?v<>{Cv)( zdamo>|Iah7gkWT@d4lvf50IC#E-{GL!+J5n?rfP%FFKO8buh=p3k~1VHna5`3xiXb zHnks_sTk@B(pn$wGK-j{{Hu&vV|08;LP?{*~7JYWO&vVxsQ~T)r@6t^t0_7j@xGw%4ZDPsFi)y7~t2zbWuHT6t%mq}I(eGu? z+wtFOAu&(^j4cF^jC>@ydqbuSU#7)vDI;Z*m0+`T5FCMxBBxBxglok~;3J>7&bHo< zk%|qRNx^o;RHKiFIly??f6{LSb8Cy}_wo$TRmWJ&-^KxGb6O|QQ{dlZ*@oF89gqo9 zr+noVwa*p8B8k9` zgat$vv7!7T&;r=GI_6jk&Tuyg*8H7COIM@6;q#8fgaKrsxChrP+T z%-M4SIEBD>AJZ$%McT(5*tCsBtMoMVGrt^I10cWK7Vz7EhaxFvpcxxaRECpOzKpV4 zT^c<)PL};zz@&V?oi4W#-FBnB5{eX(I4aM6HN{Q=LY+@{+~YCUWHSk+ZJpTeK@fPZ z)3G*yT#YHRB-MJEW`EG+l`6Gz-v5|$_JNEQ8>P4=4l~$yw5%PT{^Kp@aTJ7mj0&SE<%VRBrVwAkUt+2o!M`i0zlEX87Y&0-rinBI7jZ5w;~K@f zLvL9t-r#K9xvv%HliQ$0jxMki3MjRiL*av3Jnve{A+sMba&^Y|s%ly#y7r|G8+!KU z&S=JKA!>?s$c}S-es&9#1yT^O$|=J8&8w(U)hD`(Fs@T=2VixLnA777tf;ii>N>Jw zA+J=c$CKR#L*q5mtRk0vU@Csu>`^M1ug0UvR)KVCbVz;F@-}bX`_E1JCxV205V6Ds z^dKl+RY*8~B@rL(u>x=|oo;d#zOxmu%axLqkyH&X8VRH1ttz!i$Ps)0Nr{O6J!=2$ z|5*`|Czj!aY~b?L6xiR)`*3h?mcpuAebnwPOKxrBPV#th%(>8wg+I0+g!zRC&|=<& za$N>K>u6U~%8jx$oV9b`ku2tyr7@gF84s#}hHE<sZvPY)P7lD4&vb(mIgzZ@6R({<$SI!^U_QLm2I{81K~549p0OY zB({H+TBId2ExQgZXj?5nmfLXV#ldTWkiVyx`Z8}%@2^jRdVUxNKd9cjRPHnnpGz;W z;5YWovIP4o)(rL75MJXjwYF5M9wz!)g>D=6ej$|;w|AQHE5c@J^MXB&h(uSoJ>%b- zsr?6q=!`tX!}oaSz0vsn8$LMtR?pHOSUZ1>y9M)B`gKM0i$0}br6U|Z6$NabXkP%K z8A2C)v=RI%P(Pd0hI)jkY5fzHa;KmZOV1Ub>0X|g0$%SC zjBPC>ZR*S{x9@e z5^DklFB?AQ&i%kvr249D+?TGAH_ZL|cb5+05ab(%!-g+ZE`b)AyHx zL9BoOi-q!Q?$R>cxL|-8bVwYlK8w*)?hcURK|N?^;mI~r@%mZuCUEqlGF$==XTS-V z--*0CW5Rrh)vH93(@o!dZ4)F?u|Dseeu*i>+Nq=SJ(Ed0gyG~-L!pFnF)ykW(UDtWak}*i ze$OJpc4M&RKpYiO4-hUR4EL*)EjQhhvw|)Q2+Q=WNBIt<7mbwE)uOHE(jsTTjp!w67W3P)J_-#`id zS>yRl_4|+Jq6wwn^ek$&!?J2o!h(V$bw>eb7!)RwvVRtP@6Icm^+h(|4~=C`7_{XCqL35Q&XOwLn7YWdR7J&D!PBcn;~ zpRb$-Y=Y)_$s{G~7fy^SJQsFOZOo+-gIPh*xNgpEU1A`%qinAouz47fo)-gkj|Ok} zLl=0gdbs;Z)j7|hy^;S}`3*UEZ`QnVz0+2Y3Uzm^7{cDMIU;QGth$I-jO*Il{@)^2 znDGJCzLB=m^=~=mgNuO7g>*ataU@ zyI0H+SSVuv8zL8RMdM7XCnBwax;GHe2^%WLT?~m4wgPQ$u<+W1&(Dc541!QqANCZZ zW@kY{qEv}kUdDEPzw1L?j)l5+T=TlKR*!G_hYf_aNWh9Oj=b4Kf>cSWDk%Gd(-0-X z5~%g^+ElV^sY-qjp!&_@evtn(l$k{N33=jw59~nhd-s3n$~K=za#m!cNtzRFr9FMb zInyGYOg5~mf|?0_wWzaT_j@58c`3*^+Y=dJHJjaGF5|*8>VO(mV#$&NCD5NSVy5Z*pA3Htu8F z=qoLBI%cZ0>;Y$nmu_-{?TghYXZy+`0h0UpE<=t zd{9qJUH3jb>I)(XtH91**f?ol?&beq<(fiuDD)?@;v>6@?w~8`?Xr~BI9j8?S}xeC zr&m<0J%j?AcO@TxVJihq=%0(`Eykb;j+BSn!{)&d^~W=(t4(Gq9#;oz>J-Ig+wTRb zU2|-q3}CYL87v(N`Z75pE^yw_jqw@ib7fx5o4?T|r0|WMFTg_NhQ~W!cF1 zD7zqi$u586evG`in$7csEN!&KN$8F!Dv?G-z#K=VOpx_tY(A)lEZtDuGP}xAW5zI z?>!bA6~A9I5_5Ouyn>A%Mq$pNfw$csQ#Jv9z>{e8!s8Z7UQI>Wi^s1$%BgTrN@b|j zW4?hXir?tn1J>t;{cAEO!!y~v!N}!^f2&Cs8Jq>G_4}{A0cin-_?S%u%Yi~Sdv0UL z?-lSsf$n2?TZvq!%?+JT2Yf6cShtuc5Cx4ORG;2^-v&GkG!S4>NBp{w`?hK*JIqpF z<}K(P+@J!Q_sc|}W$A0IGL~qQEv8(Jqvo67G4H=4A(+>Ml6R-QdK8(xvSD79M%Z`Rje0yEQp*5B=$nz zxN8&>2TmajV>4gu`$ee`4cW-UkxUTqbCe@W+31=EWQ-V z@JXFv0YAtoHvyp0vvtQZT6jP z!`)A02=|Ndv#MJ#$mGTfmZP}H)N%^wRt>F6+U%w;lgg2mBCSpDZ*D(-k_1O8_98bl zomX%M3n>9_3^4ub@KEjC3_!>E=!`VE#{Zc6F;jYH7**i??7BFgRAC!7n1A`cc6X?R zum-eo&X45DWfna=NH@}Y#}gVb9&oTCG!P3mtaBV|P;+^`>Y}Q|8gHvTB0* zOpjM+jL4UouggT>X5?dGHPM#ZjCea}Hpnk#mg7X~oU|(DvZy$P9j|M@60*)^=_$!D zlg^EXecx|+V2Z#QpjNIFJCAbrVSQc& z;o=Dw`wzFr1v#YIGR8YzWyE(YQN&+Mo$Tio5$Qc$CE7*>SGgmJ61OH)gw@pxRIsV@ zr^k2De7=w8Gb@VqR4of^>*)QChLw*hs;4GII>uk6@Aw-ZXFUI?tF+4wjZ#vR;**$i zTgN7Y4W?VgxmqWW8eFw`b3HSau+O6LL>S>M848!Ls?a*qP=V1L#rSgA1r`RVO&6bL zV_2&cw@*F)fEHL`@FT z`_pKPe}p8~^|`7*y`E)N@i}w}G^T%TQC}tp*@fAJ)3)Wihb9$#%Nf`;VaIB@Mre07 z9)4;}kx^EbS%3@}$}I+Y_Zr!RNKf{z6MnYmu`YdUh`9%XE%{f~lKb`YmE~-|S%WL@ zvK>9ssvsJO@iGwX9%>-pPOg4pm|tege4|pKamzDYzML|1C2B}5K2^RK zj@!!J5sOX84g!IwV2Wm0DKw=YHeB7-Lg}5yQ>yH6>`KJ$E5WjkWWBs7dkwb*Tlqr2 zVFi}veylY-633Y1dVf2&NXTc8!`>zW;!6cp3491@;^RccMOTB9C0=#kZi6)MZWN(I zesOJygS`>xgjv7M+o*_sOLqzDOLIsk0^}u~t=bo>;!A-d%d%dTj^$1UcrC0H2!8ax zj^o**QEn;@iShCj8T;>7H-a=xgqw|H+e`{cAjTt`lab9ZYc-qADxn)j8V4Bxuu(_Y ztC`P7zp8wsx3nNRuk#M&`sb)=tVl1eR-$ikbZem^83o06(R7jj@DUyX2 zTB1E*gRKG9e96bCYFh^o4XX7yjAELtk0lKBqoF44@>xR-L+JV~aQjRhJJ8g10^e&E z-&_rlke5`fdK;vCS;&^N{E7z&s_|Z9>?(3-8z`=-1SdD~AVX zZ_^fzW>N{;SB-s{H2W7To25C<0xGx!=|0w2yn$D+7Rt(D-X_2?bW$-y!1ZW+VIPfI z*Ewu%1o~R%m^-#1k^lt2_8D-e#6)I z-|hkclB*>Q7RLBXyh7j00c5++Cdw01n`6Z6S&Gsf(fQDMaz!?vMr0^dU&?$vwKUP8~i^mwhKtO)q&#oS?)Mx*k+0E4z{6w#N8p_hd zH|OVokF~8w#Qd!=sQ#m;v#Mtn??C(=n>YWK?-5VG=ASmWIMZumUFtHdVPiRTv)arr z?a7vl#uR5hv6dCyYY9sKJlyvhu+Xq(Git||cO1=6 z!hZ8bv8;S-yQUM-iD3Qoi>&sr>T>%(i->#QoLRh88B{O%ynbNV%-17@Wx+7|E1i$M zDKBOo$^qUp=*B$S8A>+4^x^yVzgFGI>GTU{ooCMDASMR4VF$kj5ABV z#5TMR+JS>P^QOT_;)$OatO=&VDUr>@kg&uI(MI?+k|~<$=(}M0T?Ko#{R8xdPcw={dNif){qPi%u}?LuQ?G`OIwLX8_(ftIQT z8K^hk8PIWGWuq$@_@Mws{TM2TJT$TT8ia{NhC{{BbcC$R?P@3Y=B-(V3b&@Y#25#L zzIbHUH@47OExia>AoMlC0xs0B))Fy%Jip@$w7GS)inceF@+n&i=0$xC)HjF>i^(#@ zuLsZiBHjl97r-dK?Q3GXADXy?UN5Ssx%HN#2WW-w+5Yop5hC(+0i5Ok@0c%VG^XD! z#PYmwXFBrxAJ-Oi3Wh&bTkd`(=1hmZyHeb?sI;;o@c(bk@Zh#|wMcDIZ~!<_`Lc_% zX=%o1Auji(5>$o+c>>MvIX_nt$q4d*o^gvDQ6{EoC92shA8oxHMgv5?loVdScvZit*`mFsP{0fe7?t$(dPBLU|8e1;UEvD@0yG3kJtU!JMF7#mM zQX#qkfeS4TCBQL#`K?P-yyE34<#1}W>Wq`J#1N|ZK>MMN^>Yf?*pb(9`G+M-aO@F848G$ceD-dB->Hl*I2?MJ2bMDyW)CW)$80 zv}R2U5h^;bgl_z3MQSpHl(QAsVI)wg+G&%FP|>`05q*#52BH{3yYy?B+-!JrvZw&N?U86zy~c5)K};@r|>zx%5q%Qg^xGUrj>*TvZZ{!+s3kQaLyEQbW`HqV5|h&(}AujKsqg zFw7jR_f@_XF2;8VmO&lo3`S39kr6L^(p}hS^O;g3a-jTm#>OP+5Zg)24wilQ7jR$>OL8sH6t zn38 zS$3(Du>IFzV$a^!S5!kNRUy2AIMAw+KvPbf+zb_=S#C&X*5qP~o=B_rGZrWu-~G|i zq7vRMj4|q3!~bilsGn!Bu}GbD6$Xc=I6zuP?s2|}Q?su)$PpX5T#Zmbuazl=PS)y!hf#-Il3~CPr}E$zV`tBxNXU8d1Ba2L3TA_?vOXN%aXF=B>O8ezj@x1T#o@s}KJ3UpCnY#y8Y z{Jw&~G~DjgRA=+nA;(|jj~6a1R=IrXvwrINc*;lT1r;zqAn3g8(y$MJ4kq2ERZ~)1zeAEN z@CW|?1VpIoPzp6;y*z+vJKn>Gk4p>ll-7uq8C)}@%$iZ_#${TUk;_%lB4D5`Tb?}1 zSiJr16Qg2b#5xwEdw-vB`Mpk5bCM3nKn+SKjb+=TavfM&I4vFuyF};B_dN+7;>5VaQUDNdX7-&BvTVePNyGEG;qdHTvL?#RD z`mOlaYac8-cAHv4-1HcH=Hi3{KITkn_+?~zv0F8~jk{gJjFW@p$?*D2g&)Bq@j%{)xQrC#CV zZ};lq4G!_Nza`<5EG&qLV=c1oohh^2(Ld)|a0~`tJhLei&m1FJ$X{=)0s*d3^9GU+ z2I`{@N(Bw#TyeaHkf4Q%OHAA$Xs_H|EPI1ig$|(FGbu{6v{3pJF;#HX;k$TE%Q+*B z&Eq}*QQW|h~WFZRXTv#aC5q)Nl54q_ZvK_7zp<89FCLb78kj;S?@TB%~EwR<7&bi}p&_4pN zAt3=YHk!Fv8oFgAbthv9R|lTRA^%_^KBVKII`;(wO>4Tu&U!n2!cO!=OR75ViJ?9v zkE<$Tn-xl0^atKU$C6n^%PaZ-{cz6c$Q!OTd}I0}J-+nsX7ef0-PzvR=_~HO)G?z& zh|q7q#bX_(B5zO(V1TVI`dS*9{7`&k*!rBU-(gL0O0Y&T9s)gk=*f#cij|Yo9@PAu zG)aHKmz9L!FyxpQn7_=&aq-@j6^HKtE?nY$cyV z+(uW@1eG%UU@^z#@M?;x)PZ!?PV#`76S=}7xjGhXf|589X9CQy>O8cxdHho|t^K_42+CF>!ic-nl)AdGzYep`J5uv0MhD zik+(gfZ_R387!za^}xOpv59Kx65|8rmr&p7IA1ft7Y6;&Dv(K39Js^htun!#1G?0+ zY?#??!**-2XCy?ot1>EC|4cNJdN?;%^aHH^^J5-(*O4@MH#&s#pS2#ux1~pc#`#cH zV?%~#3ef)2C-J4x&=JAPUA>)-lZEvkA6_%}A`9W9aU14K?XDMN+cYi?tHOlPOx)-# zMoP=y9^V8Ac3&(>H6C5JAMk!vhk26*m{Odh;mUe*(@{WPir*e#nSlEUHA26Bu|VHQ zMsU!wGhuBuQ~}q=_?t}{0ctdr%U3mK7xH?grD)-)t4~W)-PH}Q`L~YzQY*hCz#SZm zh_@QUzp5xIvgVJ_I>r1(N^(cqw=cbzUXVqsl135qC2?gZ*IGh;C#+q9NqULkAZ&;2 z{_*wLx-$JRmKtlm9L9NBU`|`H!G2B0fOry##xQpK#md}*J!Dr9v_WxAt|m3{Zspe? zip+tF2D8bJwH@3rE$#<(Zf0ErW-?r}qpoTdYW=o)@-ps}1O%@9n;qI6`l@6t@TMzZ z3mLgY4bS_t#o!cE}#Ym1$k-jK%5H5K`p)03B?D?fkXWm zcBfFJO*GF3x`${3I$&!f@-hPdIvAYQ2&?_3F)Os6E#a7IyesiV1G2EOLO=>=n7 zxBLf!%QM?@JeJZ8nozk>0vQ~8!m-rAJ)qXKhWt5jsCf(St?oW5oSR&@fpD%vkb19J{r2K-JnfxLSv`X~}aQuF!i~E(m5Z&P3o~ z!&1Y|7d$?t{20IMpN?COW};Zd3ToRlU}~5>-+Cg1`-SDA&*2-b*s-W2-Q>GE9-N4r5p-V5aV$?%{AEN6Fh;jd13DZdc#<;!X+5D;WWf>%@vvDaGRVPP zcwKY&-a=jkz`48&NnsqE1s2o*{a%tt({+!-@XJ4cUK57~$R>ln($_N}_Hy0cebW9k z`Zp*b@?UMe=>^*6efXAxj6M<}`s0!}U{klaBp=WWYh}bIXb?^HxnTtTGaGT^EU8w8 z$otO>w7aqkT|F6ztok>?Y9%<1(JR&s<{KXNFthK8wQxJb91?=oD!gnUK(oq9^DD@R zyv_ei?;zrG{Zrv8y}X587;AE0)dGEf=#iDvhH~*F;@l%phmFS%mt&ko6umg5_0(ks zD^|m-HP%j3xh`cm!=ZXZ++2tw@RCi7)on+~W@m!{mT8ZyoC8QcVqQIjP$(ooxhWq; zV?|Po__&zC`(}*Xg-XAgO$veiHVSFomw4FS9P6lL^3pZv@Ofy6Q_kpZaA`!OVO*XH zw#HDW$li$~(W*GhQ;1PR)lUta7n1xIoEL!@x8UC32&^0l?J zgS=SDnS{5V3;bocp=Z+qvrgK;0?D3RT0@!em2~U+03i+RT1|>rxzfjXj zmpMmfFF@&lJ$JYHo<(4rAAHo1S0d+!;G_I>Nbkf#D|s(TT^ehdDM_02>eME|^_sd$ z$KU2GC+eu632D+F6@tAuBwNHE8Ij^XS6o~*EAADPiaLVOLbbwd3;@av(5$?%pd}0L z{5pb;X;{p{4zcN%KEtF}_hl=`XjOM3@;pqGO=YyzrYjA0cMz+KBmjWrlX+^8OA{8N@ zUPA^}wcgGg2)OpKV``x1q)WI(!omeOW3Ps6mR}wv{rxP}X~G%kpc%*~TY^q2{C~r@4>lmFET;<){X(L;Cr`|HjlW1~GRwmbEsY?0} zDDJFY6z~!g1iRUC7-i9;McR1FdJRrUHZ*IN0}V)s2>%_ic3y~7;7>N5Ni44gvZYOX zAHhuNjf#Oir&t|8QEc}e4`urxq6DVR4+GqI8!>Z9*tOob8=kF7Ob&N}=4HpDzXij0 z+h+ec27Bvle-t}r0*!GbqPR`<$KV^9t*d)#+mJ|TUwl$`Yy%YOD^}JKfR~)ubZRa@b`?axeDWPJCneu>HfX63H z+sKpMwxjqim4j|bfu?D%(f|G*2GkN!lT^OF&}25bt9jR`Tp&QCru&KVI43c`qG|O{ zx!_fae~CYOlZF}5YH1vjieG*p{xI!>Z-Yvjabkbo-Jn#7NxGZq^QtpsaWs;D5<{vr zrhq8eGq@15ahWyfuIF347_BtV(5zeGY0q;Ks+}&U>w`Ws;U_x{eC+FXm)e2aO@N1y zcCGtkC~gTN0{AOKfHYK=QyRzd6vDc!-4*wEMZ6M?SSJ8T7&uh{4hv{MvSX|+in!%o zqD(YDr7zj+_$yXXlNZ`Au{0Vvp1x9g*5@!@o@_68)b+$4`Ffz&lvx(Y`X^3N#Mpk= zZ@U-<=?@raX$$tqV#$fS+or!LfF0uI&N4uGHn=JvA!aKOV7B*1|jn1C(;e_KXLLFHre43k)6HYftSalMqWx5 z0Z+TE9-I3fT~%)~%K5!}rZv*jH83+7Q|9I$Dmg5bTu%H1klw+76pv)4t3D0dnQH?V zeZLwU9fKb&Y3W!#z6(J^x}M=*tKW~C|NnuE%WNRzUP(lP1#}7Wga(;{)e(-4NsD6* zhDHYqwfe2C?wC-6zx@lBkryntekPGC?Z{dz!HlvsEE@8;f2n{*#jI>{iwHwM^`#!4*~S{CY_HXMdF`?nbe}q`7vuKG&-RKy$YM4xJAeGRway%)r^MvH2|EV)9 zo3X`QjoPNT?(tMT$I6_-AFe`pf%?o$M?n^HexMc7%`D47EtQnjEk30x%V7T6$5Gn3 z4Tp5z^8_!9=52wRgKu}d_JYdZiREY6tLPTlyOK>~n+8g7&CDMAFRG;8uad9%o0_;L zCAHz1$N2YT{lWcFGgBGWJr=mfQ3rMyKWqWLGsvveXNaGKZw{F*3vo_c-n?qjsW)h*6o!>EZ>Z2iDl{^3CnCSRVaZ=_v0P?M(cno5StHblA z;-Q;>KM=FFq6g6>tTjtbh9q^|Koe!f@aBxKo&~4^WJQ2;qfK6{o*APra z1Ss^)wZmC7sD-Yz+a24yo9gsgYm!g`RPwZ;J30#pkML~cU;;GJ{?Wp33s^RxvWx7w z&qgR7Dme{KLW~fg)OtBusNW7VZ@U1Kr29jJ2>vvs$k<6#wQ5bA`E(;jdb7^kJk{>7 z^tV$Fot}wL(lVr}wuGt(AuzJQcA{amM0T)9Mz3VOE-c3PYaUx^J&2v$bAhKbL<%ow!Debe!d!Q<$8K~N;eSdM+~Ycn^{0iN^Z(P0{swOv>U|;AvtcV zK6wQM5bn(tKw)h~qk3G+ckaUFO_&{yI+zgYCeU=jC8jgMzLF6xU+gG#5Pf2li@rpq z0aDqK<(x#Yzj|uLoE;rd+#u*m8g21J4PRR1Pdf)%`lj`hjJ6^r77bjBYHTI_i9NVP zH};k1WrVhHeV<5;VqhI}*hbB1sw6^rS&5^eoo%gPoB|AhGHxMt)Up9W)uGmr0O&VM zRW_Q?(=f>IXQVt$^SqW3=y~RG6mA5D=b7PFA7x7Q;M9GC#T4autO5iF0ApBOW9C{R zK-Tp=OddJA~8AqW5R5eX}Z+}R9U;S*Ya-h^l1SFC#vJ{J(syXw?M)(9Q zU#x9N-^O{CygKFpy_wJES6~TU^SH{Dgo;-QpFP{ST85>F4#sG{h&S}T$pyY=omRlO z5h{?@_oZjk)k2(h(t(od6&is_cd)w*&=L732<8L zXFsHi83&si{RX~+Et2A#UaG)Gmgfem?ocW%Y2lYt3O~CzBhhP$xF{sWw0lWJaaXqy zP+Q91E+f&qFNgTH}^4}4H8v-R6~q9fI~FBqGu??R2T?H?icabCgBg|@-G0md3e zw}C00sb+TG(6H?(nahAbNHmJU{C8Ux8f;og2dhd-CP9Qyw$uewj8I!@8pdim)l!09 zno#*`A~xa@r^X3{J6tDXyE4Q#ISy4quPq;>==d9X2b90!nN10XV%83rAZI$OfJ$b5|3}M^hKA_+>U`>cZCk-lB zzo*%Yy<}-ReG-nU_(&Wk4DMvvDRtjKbQ0m!Quz;C&sIb;P>PArV6%zPP^le&04HZS z^_-9NjZ|Mpzj55p%|a(){3da1mW=i87`~=3xf~b9#%t5vD?=|-QNhu?QYJiYAi|Zp zR(t^)QmjLzom*Vw)a3~NBaju&BQeuR=MFomElVahq8VI_hlqkt4ec`a(stvdz`g-m z>MOSOni}V>i6_a$_;8Ohc3)M9@fvF`J856mCIsZnhLS*=ZHl!>Du(gFMyuXpIf0D% zPgs4Txfdzx(z4zHhdj(gOUk0gxR|d~^vhZXA_h4vCy$eL7;L>KU%s+Cb}i{V$0=8I zB#Xte_CrNtlLw(Z#0J38WwM#`>EOE{W7hyM`_fPFN4AlGtp)&sE^fFT_(+_Q3~!h` z_Lb;kk+uv|C>T!Inlnnjl{>c|B5dpnXfScXtg9#31rPzl>`IdD@lF$sL-%ZUjByuX z=X_%+VmJS0dmy4I2a56DQ^8Zp1wJiB@{?m#Kr7M$w^1))KVxyNZnltr&H0H*o>Jw1 zC@_rM&}O*2A6$y%a7r_%%M4?)rfwu~M5-1*Kvl4h#~cux-D;*z%2P;Sc3 zy4|+9DNj2KGU;gfoXoFRQ-|x))$S{`m}J+7qQW_2I4l%qH}opTD@+bTP{9;KHeGH+OHYyuWW8 zBu(Pepz-t+14;QEZl1?_)eg(<6=MZKun*A8ur0DQBCnS(HTyRUI z@vL6!B_eV7>+Jar)b!{a7>fP@O+;$>Taf!nf4%s?TEf8~65d@#v^UM@ABSIpy#czy zI#RzvHh5E@Ngk^o$g%c}&?P-3KUs?3?nNtms{Oc}=Q3oruT-`M5jzVC;N+h$Fs|)D zBo3PDuK}e6zU1XigD4Z2Blc3$u!K5OS)=$xC3ZjMl<~SdUq|0@L_j2 z4dY&5e(RUM(hNJP=}IW5?@!erX+B@CyFJrzoJK5eK>-AN0ui$iB=fN-5X5b0!gT~w zHy{N09F4Y8Kg*%-ho_7al<{u{8#r>BD?k)$YL3g7Tl!(`*LJWB`T&uv5;3NJ>##}u zGXpkV>){8e_9mZ57Rn_&J@cIw#tcadeQA4#q!+t>)I)Y?3LQDg|LrXJg6XU|01j}) zfr3o*_~J?G$j-V&FB_%t-K?`GUHuS}$!dNTL{W8S>Ozgqh`hE%v{)O%yiJSbEfN4I zI$3rsFJg4@4xwr`?-X@M3{`CM2O(*GQDaJ7h;LRPKyUN{N?Xs17+Oc(?#0_PTVdp{ zHkrf$37gE88=DV&Xv?eL7iJb2Q_Wy)~6HeGnP^Lk%5=s-ICUqbIy8CD~4ZN(2 zu-J96{sMbzyWW@>#iG}E!|JqP&dJ1FeHRD0wBwZ^Hz*tRczs0H$$-o6lI?k);E0s$ z!CfKL%t{?u27p?cFp+H50W7Q-8`h{NyZt_&7Ruv>z}fmAMY)UXsQ9en?+W{2$<_c#uQx0Q@Sg^9q`VuYimGXfk zzYJk@mS5;tb{&5xxTr;p1(>HcFRC(dO58a)qXPuUO-;9Z*v?s7N+3tZd#nbBFVic5 zGO{O$B2v-B0UmQo4mERSjW^MWp0~GWnT>#c0<+PaNT|d9W)$7-PyUXEE-5z1>FTYkXVhl^;W6 zRjzYNN^L^gY(C3X7Fne67Qyql_tPqZ!T8>Ngxdi{)w^9 zD7+UM$rj7q1GP00kX*!(zm35TBr@eS7$cpN+PlJ?vnH=CGkB%AHi#|PQq`p9+QR&& zr`?4gwKW}GAWG*FW)P3wi9`G2q7c;2%8DH@AWyw@tk0a-hM)e2_9H3i|8La)8YoO+ z?urcg$4=^LU(3e9`QVJ6dZ~ex(t?RtemJBMzNqp~)X&`by{?i0dqY+)cU60DiE;)| zE9dtx$B=baQj_I(JdnP|Sp$QM)YzhuXFsOUNynS~fB+?hiuS@5hhIb#i!>gcf>^T$UdrCa44Z5b zuw7uU5R+RO_`*m7RXG{3wCkj=!YFOC*QXG%t}!QyO1YkKNca%VG9z|*otu~ET8lc& z;AX?|dvYy3o=B6Cm*IJS%Ol!(%I5<)lUVqfjN-Rou-;6-dFckXQ`AMv*!Vloi*hf+ zv`g8K$R9O@2V}z$xGXGLSm!(KdJntI?Tw^>4(B#R8U-}uuBY)q!`-^SM)Bdl#0rs? z7f9?}MdRz}bFksr&=#F6^(iQd_xt|n3ozK4Jj~Lg{E^ix#XHFhB5@z{B!69fmgdI_ zM)zmjzBEKI7F2^x+n6pJ6|Wiw?JYLwjrMy^_YR+r1LE5qNNq(%oc%)?z%@Y>vJXL@m1*N7{76$&A&`Cl|D}%4)~VZ9RS=c z&X#V67B3y8`c|LIy)aS7Y7ZllgqZ2+3Sn@}`+90t+BI(IiixRcUFwghNFIQhSo9y+ zfV6o2^pc@AO;-nmLz4&wu1iefeRIFG$W$r&UaFwuYXwGoRM zkt*797rRGgIw5bNz~9*6nU*f%DND^Ycpabe=F(-d6A;jocK(Ez=Gckk&AM(dRY&fj zHML&z3GkmFY-;6VKK54aNmwBH<5WNXQmO7H;Oh|)0~<9&Cb&}aI5C<}YI@v7xkh?bd~suV5Q!dCvkMx#*)Su*No0BAzBc zGW1`Xhogj8A~U+qJpOM`8orLB9STm<7`dFb++C=*FR~+p1H})*ai^nDlXQJS(~&K1 ze-@vBnngW@>kv|1;L%98+jUGOA~D9|WcxQ}#+18A2mW!3tReTJMp(8FRH{?!X&E$$ zv24o~1|(tkhIv2n(Z|g&^LzmB7dWGBgVF}5g0EJA= z6|$NsPiggY2Q+WPC#L2+{u=9$Mi`if=5esUzPHg=`uvY@ZewG$$t7&5nPzbBV1c8* zxmXA?3-$nFx|EA0&lAf=+5xyj$B&FjnD#+85Q2u7Wiir^)hEltp}z8ZItm3-RaC&B zCAmlXGQAJR@%LwRl`?sd5yvmgM-RP9z9T^51%@ZNn2CDG``-_zPJ-PpauZ`iwj9Hc z%krz9P?d*t?mfp9L?T($mdRK;M@y_8YV+toXRV55)ZSI^VRT8Y-JQnMB0vhBVZOES zQlAFw1f1}YfcpIITx~{n0Hr3$(EtLli{I#eA@9#kuh0+k<|F`1cP67_e~V+P1@%eJ zv9=JDDM`h4Q&6n>81$qO0He9;!91&0KdbEZ43rnqJLK2hqHS&xQ*I(9)~AXnj6C9E_BB~peskLFW{m8H z816V2(APg`XhD;3+k=1vNKm(9G%!bH7ivMq9@45Cy6L%bd7mPNvp`S*OlB)>qg72X z4a8pGcob4ufwK#}*xknz&Z9<$ZEXhIxx0HUoWQoO0`d7;B%w6gB+ySt`n4K>Th z2r2&z^)SNDt!qiRiV&}rxGhzQvUNx;H~@p((m$(rWt;uYJ9Z-2&9M`l+EA5~tZ!DIZcs1e4HwQSMQ9PuV{zbo3|CvARZE^-gpeAB@$AoYS{?YKOjRC^G%-Qm)gfCJKQhg3IEBQQXmxuHo~)YE5#N6$0KcdrN9Cx zCi{!FeJQA99-w!U(E%mgS0fXO35RfqNtL@ri=~MHNaGT>)L1uB{j%}-sHm>O0SsZl zy=TdYm8@+{1oBuzUSn!(18t}1)9RzT5rbh&p^1vgZ<5IiPTTl&lq>ieNJN6z^%?@< zsABxbuWYhD(B#V@3C@e!n^LzHSK*V1iD!pE)kw9LPQh=(G_zOB5asC>9NQ`p_hpVZ zOo|#=%~t-0`+kML_wr)k#?i8t_)uyEM)rVWDkEbFWaWC5__ohHaYcmc(bc!EbUhe7 zkR_GB%u#>X1(7!-C=7GtoVN-K33Y*EA>EppB%*xacWFyOQ9W^qPw_MyhzUg6!Y3b- zk)U?75APNWT#<5dj0FwgBvUP%)Pb9S1>Nwd!_#vk9sJl_3Ju|B@trsN@FJeLFEf~5 zl~5iVC(-rKeX*Pte(I2~zR}j_awm(pnga-Dc*5ogMRNzuIaq_ffpvvo6g|d=%k>H30AEdVvc&h&h1X zI+U|~J&Zv16k)88N4NJM=LH{cOpt(ZLufD6^@1b{GPQzOAa?}rt>v@vj1te-+1jY+ zYtmVqvDNz(F0YOL%$0VM20F3Yz~(kp=pe-v@BTHOu@bWl15}>rH>_yPO#;_~Lvl`^ zV*b1L>3SEoI&1K{5%yDU$cp2QAh<>I*&0jZ{4y|Us69j|s$D~&MB*E%l&``sr>*qz z)_+E1EZ3(NkWH3(N}cG2z<&m`1RXxS43t9lO9N7;{2Ww!o_eY==2efUAFuT7tW6ds zQ3w@tH39c* z2ZGLPZYFB;9*AD1RB+3{G%BehqtTtlmK6S?3{e(jMRjqFXc%C*J^ku}v%;`I z#6ZDxQcQk9Bw~!=M$TgQ7LOGiz+YH;Fasp$&@+>D&&R4Om5b|)+XDynPIoS*m1?&q zl{W1prAIUf&~Sh4owzHptv=J7qrZDj@dz{N=BH2CpvNO&Ma`#>0rfH`+?_=>yew|K zv4R_Cz1P?AO3WEC)ANF}2|$Pp#zc^&08h!`2f6@)?zpCS$Fo^P144}LytN7SNL(V9 z6cZ01fZ72-rG8?>3TaZmOSj;BFbChnCuH06!%8?sBoT^HGg8IU%?*G*33vjtG6Sk- zW6n;G2omyQ%*up391E2gBVmP5Y|COjd6*|?BYHsBjC%Cg&E5onXuMTVDaN zu!anb7b>#g<+q>?LrQ^wvF?0Z_V)3M_Tk5UqH;rUXRHd)+pHEoPQTV3PO#a4VYg`U z-MRT^6!+X?V%2>is42a>T;SNOq@;-I}ohZqp0LFC)IUul`fQEx7 zo=i(N04kLmq#8+t!SBbRN8o0deEHG?KA?JVNkmv&i(yACQv1Vp5a@AaC)n(MEd zDSdR@QWY^esQ&>_5=%z#)!iD&pw}E>$sw5`=`)5^uTVR-aCe-Y$71n9$tIAC(mOa{2%G=Z$EZ1S$vXeZ1}~fMDeI{5f8Pn`u-JpBi(g%m5doG%$pf zVw_{)w=7pq0bJ8clO74$*|c>#l&k`qbAQtoZS-H=q>vL&r3ps&Ys) zGU3kmj>2A<3tc06+KX+oYS(n`uc+y3i358P9~~daNsr_5JPJLniB}j!fhE)H+nGpr z5>ZXy?PNh@n{nYfL(MV}t!Xa)8Q6a?B+++#Y z6)-(e0Y?_mq~C!s)s#EQaPyYo2CbPX+5~fhq*OocFe<0)@{4dI8SYX>j3>l*5{_B z5m8o${>z~lMS+)q8`Gnzdj{uJ(rAG93Q-;+Z%RAFXedW%QJNXP$;d3zHqfZw>3zjU zP?an*P)g$2Gd|@p>mjkS$mDiq(3Al*?c03AeC4e)urTg{eREoD^NgH#!TSI#&xDDo zd7qD#cu)XIn%`RGTZB@gna8Q`#U-%)8O7ILvc&SN*&Hd?rF|Tg&Jvf;<2s#NCktv4 z!_a@6UFV8Z%#AjImH?)G8W}A-CJkWv4fw1=EQ`a*n{`I;wH+?Xtuj|dN5Gu zWfyO;U*x;dnO2ZPcxD<#=OlNmQ#8|lR;`PQ<}^`nwJ|O4cBmRteI6RIA(gvfqPK@#>hPdj4-$C77xEF|1@iW0JHx^G^>;|*E5uiYdi&IQ?XkWF( zvV8-A-3C8c_t+O;fFb@^I8L2vaw4#~Xn3btr14+IuB^t@@i_iE*F_J$z&p76 zsQZh0fEg|zu~*p;5XkO%;Nc=FDup;Zz$r-BCE1jqW@lL{bp5)Pr`&qC{@Ikc2J2Oo zmg5#1*+2Z$ZU@AMx=#Z4Mk6lo zG8jeISYxR3OH%_u@Q;P?CqJL_d!mMu?GZa_rZb2Ew$29a!%Hp+kk+M^AoQ+@m+QExqyn;X~H$of*rdd5QU!3<$wp*W>diS zJCeQeU1ce&z;*2^YR>9nC2==Kwnie3RESx3w1HF!ssVvqq$a|9+iit1^WG8$%9i1Y zXQ+dd%OKrE!xr;>7NCF-JD_@KZX|Ae;3d}9B%~GQsN+>48tzB-oc&MS*n+mt-Xhar zz)=1jAPb%CEU*fqE*j|!(f}P$xO)%|e`*w>NkBpn2AMCy1pFTKbW-ITxi^I0Z#Dfb zWhh*pI0&-I*#Dq7?~Hi z`89sbxY>m?z+&T+v~HESR7RW_%2Z-C)ethHwH^2 z2+=L@I<}4`!OKAnjZeUl@fa*GlmcNVko29~lLUsAeDLeup!v~Dy3}SHJW#jHT(und z-qXLgi`}h58^m)q?=3{=;Be z**#xio_zW&uXnd*m8yF*kkAkH^W;z15gzv#C(lzrjN?0-v@3LZ$O!M5j>`x9n{NoY zt5*4U`88i9DmFL;rUb~F#WJ?*mWb$>WG+HgTLW0ipo9Wq1C7Y!jF3ox-BTqPJO58G z*odY2`nNggE!NAK1LB0tLLx0+{nfTC8+`>DUMs%aBaqX!Gr~!l`|Yxrm1<$Y3ukZ* z7?fz%?3xwb3BIC!4hNGAvuhq`6`f@uv^b0d=({W&5*~l*)zR#QFKZA(sU&%M{-vBc zoQaLVI%nm*maX;UAWut=P~- z_lJbaJ7g}G#-Iq(5GlOD$>Y4xpKnT0J zs_ey~G|&n`$R;5^lMg`luF*~6m4%>n>VygBUG|+Be^@WfMapZ^-q=Wg0llY7l0-?G zSaf2##?BD>vmW{=F)q|%si``%g}z;Z&=*Lv=S47~CO<5-#%)jm@2)W(HQRVtaUF6* z;3U}$QLswtxT_;J2A&4;HeJVh53l>iTWOa;TuFy-C}Pgv;1H~^1VvP9fkNf>(#9b^ z4B{A4gXhnkzyTu3H(zZKrBSPJi%wVo!Bt5M2wy<}0#>|TbzbQ7J5oQ;H9|l$EE~L! zHAw+$&3{Y)rCoi~NKMBmJH?U(u&b3M;6XN9vtn2JL$UTw2fXdBTA%=B`-|cHBRuAM z4zkpoAYp)^)dU&OW>2pe%SZFNmE}$&_an*+Fy_+c%OVTh@9*Q(wADI&67XusEmIO# zB_gs1zaxQhP=TbyJ}SAYU>p^kK=jBIe#Z-pYa!Lc_4p2p9+XpQN0Z;ZQ?FK50|R<3 z1Z<|f6#Hzp)MZ{)BM_40({0>kCd#n4L9s@c&s%h_vQD>Rck^U(JU$SJb@rCewN5#i zu4A0)N;;R?ssI6gp4U&JC$+9dOcb2qU@vOwlJqlfpZd`aH<(EYXF+T#b9pF-^`_3u z&o}@B^6z3m=OiYr`u;ymrZmh&i<0HiQU+LmO&EA!13*wqY~?TW@G}C_j-pe-#K%PG zr{^9`1)t_dmmjCVm&wBuJTjVIA^Q!rEV*S_kzErL5|$}VlDubjO^ z#eMt;sYUBdx(Lrq_L62f!1X(BX7^!lHQWaaM~9>p&=v>xA_GhKi0jImbByt1$5V|` zi8CI1S~~IykXk$c)eP1^1J7wnC@+S>a?Zv)jj#gzxSl5ML2IitT`32k)iceSV-@SMe9gX% zJgJTOp5|q9Cuz>2+vXULU!LTqg->?r-O6TOyDQ8S?V>yq1G7UA>p7BxVXXI6?`b7* zBYHGOU^4?!`Lz&8@5=l3p=FV082=-RW>yYI*C#<Cj*iJ5|tY&cRpssL(!?E1NHo3qr#b aU>wc464E2Azrp~~5~Kc_6azQt0000Q;}$6Z diff --git a/php/public/img/jo-myoung-hee-fluid-dark.webp b/php/public/img/jo-myoung-hee-fluid-dark.webp new file mode 100644 index 0000000000000000000000000000000000000000..314048f984f4b5f95cecfa162ad07ff26e1e3d52 GIT binary patch literal 97010 zcmZ^Kb9AKH7H@2$V|VNhI<{@wwr!(hJL%ZAlkV8IZL419&di;;>%I41tyQ&7o$q}6 z?7e^33gRLnCmz5+s=@+tDspUu8=s$%l;N^~selmepm-QDqlAcw3V(=m!HI!_H8lHh zH-FvXa2SM~-~0gd`97Q%MSDX6cz1bko#dNGUf(A_)<%;6OM)&>-M5dEiYwi(uhQ2N zmyZqAub2Fn?=O{;mNVUVzJPZH-uL@@cfY#@kOYW)-~Id^Fh+33y9)4ojD79>$XKGkpFGpO>+b(}^zD5~0GI-D z-pSi^uXN9SF92BpMgZUl@|FI{_6@(&XCS9d7x3QO{nNJuuzGe6zyVah@;-mAc91_0$N`&lHQ`Nj5uCyS>FaQxA~#rX_)^nJ^2 zBlzg-^EvQ6ew2Ps1)M;@A$O=Qw*JC0(7w~!gG*x@0lp}HVa+e!_wy|Mh%PC6*26#X zEwG^KQiE*EIa-ORPX51sU}qbeX$Lp5eAB}{2N0Q4_Nqa2=ACXt*QEhnm%XzV zRviU;^x`>4_K^IxxfM!tmu%eKi=e&;6Jq%1r(>F4L}DZPfy-p&yOh4R@c-XJqT-4F zEcn0w*q_wjh3Njxw#jmB53WAm0y^gec(E0RpHK_*Nw`%oL!2w(0X0s9B-*F_=<|WU z*{AM@d130Ik#6|V_$QF#I+I)09d7+*!hmB(!FHgKEI2f#_}NZj4~#O_ z=TVusRY+>bg(AfZ#kCX8p4&_72!mXPW|}sVpRNI&h1!hZMxb2Las2Q3f5-mwJtQ!T z{`Y;nZ1MW^B8Uht(@AT2MRv zryVM_XnMZPx8UD2Ao%apbqzG(yfT6EYW~(c_Y}o{91Dvo&AX#xcj%@8XoltmYP9-6 zZs)S2$jM9i!qdg^%P?MnG8PYevehiN4CjXHL}SorJoq-{V)JI(|0^~%9tydRTB5Z7 z41Q4Gb`|WZcAC%YL`0CgX0{`{8*9bM8~>a9c;iR>1UDgxTMeaK2DL(9CC&GpRmh(? zQhUOczI5ahLEf_D4K?hY0h5l0SmRnUl#;EP-1rjbrR06kj4RMf1a-$vu8oURIdy97 zoJz`G1r4>0fvVGDYZiY;OpV&@>OU7VXY7Md1piJm3M~3gFz!b+ z{x;sZ3E3D|XVa)K6>da%Q?UXM(&wh4$7#Ml5#`a$YqWo#em%Q?^7qKuk`*nvQ{@mH ztBOb%7fcA9W;qM+If8P^v7l6WJB4^Dmr2H^YEL^%!;s1%m>h)ue_UvAP09c!phsz$ zo!tPgGZJ^V@S9C>sE_9<*z)G#+E$23ikM^zctwD8@DJ<$`Rag3{EY?tID8Q?>aeh4NjN1Jj=j8W zamT`XDz&DdEMJ-%uw~xEP4$880-b&w zWg@@EiNrVM(=Y?5wgzb?f7dI}va>(#>^7%SCC1O%|J{iakQejA9LvfTX3qA$la^|g zjvdXAtGB16v3Jga>DN)wYJ{Z9InjKNI29`wJ`=eyoUvCD=+)Y-tEY8u&rt zLoB}kN!&z=R5@lnBnB(|5!GcNl02nqf~!y#4X4q{busbw!CfV|1e_O&jks3)1E&r1 zF|C+tz!kwVWj zi}^yFl(SBlmi?uS>eL`xBsOO5$>E8%r49c{s@2Kgt9zm-Kgz1rRh&RBD9mWHf-Wc1 z?_~u~@dB=|p1$tbA-dnd6WuM~hAFNf?|8W`B1qA!=nO*#k&v-!M(@%IKMzM`py?Qj-eo>wCM-4j`C&H^v*fL3U$nZOv6@@ARw*pJSqM%oG z^j}iHw%sasA+)OK*&$x>y_f`#g6GUK5o_onUCLnxjBI^_Co!s3_~o?5!WBm&36C&6 z3S0IjK=T4r`~ETKnV9YPZgH}jUGbUWuYR1YD2+kF-TzZkZ8|hwa&3|#MkN4#B!;>C z<;);_m(N*usEF`^zYCbr?752h%Gbd62y1mLgHWsE^W9Zqon2MEv`xtnS#c8MpfsTb zAGmpji)lvh(B!VJ5ymi6sL5x_u8_)G%KVT7X$zT4hkSYXC@3&$wN$n`1rgtFdU#OK zf$o@|pN_x%(;Xa_GCK1vTK-uMe3+^0{@5g1>r9=%$&~Tl08{A>CVnBy$YIhfn408B z^S!wyiTGC$KY^AUFXiNg6JI~u2Xtp77oVwau^?f6@DJqaN)zYbNc1=$;K;{V0=lE0 zZ>HCf$Yy}HstS!*350is-AgA3g7AOqO?A@x$ie7r_Z%Qdb0%TJw_fSPJ=9=-tgJW$ zmv(a%^4?{|l$aeW4dJK%%Z8@a77@#b9860jk6tSA%lI&yU@Lgy)1ERwb_$1gixv;7 z2NuI0wVD2YUJYjSR>%7`Rztj(svDGt)F_N~;o-iL~`+Y#M;G(zmca8_TBmO*< z%I$Ib=ss(TI=Xr8Oxbz4cvjkx=h)HoF4SAIIM@0n?c;xvi@;}3mA*kBc^I_okC6*poPP*XVapPw0;a>8d`vg0H?%Zq zuB^V+8F=T0ZnBz2w%_BCCl)UzcH~a3jZqEwP#Mo)LgAXM0r>lL(Q+~Ko%Dmy82 zg_pUwg%CAR>iQNr_&`l3>Y^`0!Ke$HKM@h_N`=E*fH}^_mvRz(I{lem+5_-UYz%`k zQU2<3!*2|KNKOGgVoi&FcCPfs?3|GqXjA5s4_5c5U!1ayHEb;MTYG)G&-I5#!S@zJ zkmv-<f9?W*jpFj}@DT3$m9(S&^6gE=wtwA+MDJmsxV!`Lf*`l*C{GTLj!({F zlV>5(2SU^E2H@7rQ@Z{pLp7jtWL}IPNqp$693tp^po7Umt@yEvUPj;%8F;AKLPJTG zj{JFS@7B*Z;e2ee2A{X=uYOvN)0vO^i1Uzlxqc3iB1LkWi(ET&Ury^j(;F?0yI!Pt zr)wz(hM4fX*DFj;euLPq$oHMW3h)tQaTFsHF}oE{bz<3~IQzD#YpGN5kbfRhXKQ`= z0<9o4p-=3@m+h+Vr3IBO1HFE1T~tna;)fu>BUG@~VW@K$aWC^Nx%;~lZp$dd)A1ES zV;alR`>`@1nv!6n;&JNsdNd2)S0Dr6i!tE8+kgJGU2?ZP)OQ@WDqmE{G_f=AjNzmD zY>k{+9^sYmCiv^yfn{%AJRAolzQ8dcVRl1L2fN1j37*Qm=P+MgXRmeJb+PX$29)kr zh_ro2eVmh~rJ2jKaRZ9jjD*z&-2rZBr1j2jQYbm#y(yL%#)SS`-;cNZY3V)NsdDm5 zH>)8(i()F)ueZ)2niET19%Ey%NHU7v9IYmVNwCbT_P1>WtP}4&pP{nn>>J-dv;E_Q zpXesN;@kV)^NRZq)ZHN;g#ridYZ_FSdo%znW!Yvl4s~EtG33Ft5JCiG5Gyr``3N$*1f9bc#icHT)gLVuYA>} z;LO=hm9?oreLrFYob}TqZnd`#CWQAc;f&kQ;mOl0Y z9vU@8k{NSH93CkHE6S?wY^xMR%*N4#y|{zmwkC!)e%*Xvj7bVaC(6~(;m0O7!+*sLxjVOwOn zLTBj2uVuCG%L^RWN|#W>yrBC;tqIy;4_!e`B6Tuasz$S?DNxy3u&w zHxff30FX#f?0u&-jiJDGtow|6>H4xVc%9**2Scq7Q+d0M`wLF@Q&-&7tGq*(c+ccX z9qY#!NJv%P&h3jwXurR)-h!L+PU@Lc=!GSMbM0G4?O2rIxVOC!uW-AF=yFJ~t-YTM zt3*L@uVrYLH#$>>=3;-GapU|Q%>AgIZHB`>uv*y=&|mTSADH;!KXY;1WI5VeKkc$T;mM#x47BbqO(s zfw0A)Zb=qeb~Mk0+2aEYMPPf~<4?aQKPrxa>^#ZoVPiSRU%qXJ{uCP|$=Ng~q`?O$ zUlGPnE=BUtpCm}MZ&AoBE( zVJN0I7A`L2ac8u;;B~s(z+J{hCn?0xF(D?5k)%|OLKp&oEA}EWe`RUKRd4u3wNafv zADhN?uI!slHOD24ZgGC3@OiQMPIdjA!OyeXas_&um3&#CquLg+2@^cmBSC?cb~vZJ zjP;ntPWH%!0H*IvQQ#LMd2&`$NC+-JXWi|@G7~`&YK}1>pB{=2#~)(($GmBWp0#ay zG}V!;9(1F&P)PrvVg6!GL?^)kpT&+FR8PL{%?J?K=xDbsXUuDG#T|^Fw|roFWyC3Y zXu;;DT?qk^uS;xH#VgG2d5#Xdlh-$=*68r#xn4Sd2SGgmZ^<=@p&cip%r$mWAf>Gi z`PW>0*qs0BY>mOL6w;4w{Zy_MX(72otV%}Run^8hgKt1G*#=N=z4Cn_RU}DcGIK0? zv^0zfe8n>^Bsk|*Nww|)TfiuzoobaeUxLFF^MJD>f4L&ZKJTYcA_wFm|3gaIm%H!q zb~%AmTP%R_x-mommq2`7mU0?)bmM)GVV-_c6*t1?m%0} zZjCLmDYD4k0b6k6< zxR!`xG&R5o9JvjMvN-i|Lud97$U4=%fz{Jh#eMBDj+CJKLH5DRAlaKoLxSl#VQni$ zXe{B*nvDF`DePnZqRr4Lemf-;J+$AJC&w>g@oyfj?hTxaRPiCdj|y{>28PXmF`stH zAUr#jcVbY(%=H_pwCtb^Tj{3b7O5nD?-i4qkKixQwbzUm8tWCXMHa&($cSiw3t?B= zZ(~X-KN2NedwU}|MJNv1WF94_CR572M({fcA@7Uu;Wr47Rhu$hlyB7_rB~VzS11@9 ziK)moBVY)%HZ(Ib>|5!$j^m3JV%|qCj4*zx7Lgq* zllVu0jeJE7lipXm(oFpa3Vh}ybetYf*fJSteRL4Nu&ALgj;bJ0O7Vl&MW!dcWEEw> zqjfXR?ODspGW!+@i*{9S1V|YnJ>tT@2C-#i)M$Kp1N!ChbcE}iega*EciG6NU$N#R ziuvp}mLV+2_J1=Vs^^iWv{oTtPjS~b852_h`T{HU^Gbt=BST>TZ?t-LTpXCelfzXx3V>t8s>FIn9v2erAaY2>cB31W*22%u>a8Zxj@L zDs?L_p6S*$-?&{@o<)EtrbN8pZ+k{j=Wo$s%@Q$G%r}L0ed8pePU1s@eHV8`` zzSlH%B1bOkfK@2R^}Qpy#bL`3@-wCTI43{L50)HL1f03C3g6R{lRAHCQO-Ax!%--c z0euyL^7KMr@UMkK_n^wX7@?jm-Kx_s3w7hp^yDg)q21<>uqSy81OM8x5yUm&0I?R? zM;6hX-2}zzDa*af_&?mW->KS-2@EeR$*ttGjUVVcrm{1n@iO>%h)1&P zE=!V~Xeh1zEgLX=b*n)UL)#MJ@~Lj5U|;&sf4OTs8i^Q=^jXGjnaH|%Z-7bp>${M2 zk57546rPRuN{{G~sH?FCyUo!djy(TizZ$SwVSD&*y>XE%WE*P2keEYs^z^p9Mk%L$ zrGp;B5@~8nC(O8R*UNs3CBLvGHP#4l+2LteI#gJ*2DsxoL^73;O)I!@@fML{VXRy* z$Zo*eSkHWc2D{g0vfX^P6QRG-YX)p9=r6dhR3Ob_lelaXQ$=Zg!~f#yk6EJ+fGeo; zJPrGPk5)>L>`Bn&SY$3Z!&tsT0+yp(Sw zxmZV}r%0!S2FxiS*`8_&oh4Z(q;OuZv)~Km04k4G08lGEkR?_;62eKy8K*zmvK^|p zUvWF80zOdAXy9=`xXCuTRK^b^SHB(sZGQ!(6SH7YhY1$oz00F7NQRKyzNqmcZV`t5 z&x?B(Bp82{AntjPbC3P%v*i;j#|g-JpgDSJ7HFOEnOBoTq{us4e@KF|^LnZB_@31P z{v69S%e@o0VmL!S3jAf><2T50*?U>A{Y{XC#KLe6vTX%Ai`gGmIYjS6Kl8&xItZAn z9XfAI+^!J)qfh7DyR=ABAeU9PBt+lCBeyBqDD_Np`G8!-Tq;;6e#rszT4;x3AoY93 zy9HT!5{BBVJH)|G(`i-)Mk-a@WOoI#{G)_$9)8_Qii@yhQXw0hBr8!hyB2Z>q<1K& zblkc6XJrPD?{j1zN1$L-9R}lh(nVUKamo%1*W?xx$aGs2SmU=_`R&QfTw4 z>%sc1X$ofN%-wTxePEcW=&TGWcfB4r#plQcqYCMZ#|jB09J8@2=8OUwl(aPi1-7Zz z?ysG@gqc^#jio4AWd!1m*!h6$FyaiaU?ViM+}7uR1@7S|RFs+&h0F!@IHh zVB;2+Q6eCA*nw~_S4g4N1?sPSf6qteXs`HDlSk~7Y1TqkJiwF z2lZO9-_C#JLit@m(nP~gJ+g6ckMVR-vIlYE6(xLzGh!ZCf+&C|g@#g|$bDw_DyQMg zAbgRAPd+ueEX)9mFLT`*QeBdyLsWhF_IUq;!isW$F+FoVE6Cq?_Os`b^gdccxpBg8 z*Qi0U3*TPf@8ANdAruL0)$MwzF8wGQXH@YskWmUdLQ_mT>mwoF`J`tJscJu>lrG0n zZ^qPu-f3N+n{TtAd~fp$JYH>(;^|sN&p8i=ex=_72o!#>XvtkA=HmgcpjUkV8r}CR z)Q3gb5whAXB94lA4>@Jv+-$l|Zz|!yk-JuX3X#u(?b#H{9HR6;NUG;Q#Hfz6O=I1g zSi-5U$An9Ma!Jb;(bKq|Yk?OOYfj-U%@ckf2tA#@bp%)Oiu{+Q=UC@mNgYoJVK1ug zwJ5DG>3LQ2Xo~YHNlXLI@t$CrFP4?SZ+czP+o2F>#2Rvv+wVW=fatWaB)WyKo=YpD ziAw-sLvZC8E-Jl7}>@uZP34xq54Zs}x%5NGGK8wI# zBAenn-l=%Yf^|3|=zBY178la&4owRH|e(cx%espv0r5OyI5Qbuj{y zL}-@At($?OR9+wgqH z)EWrI4ZrrJOm~TCLaNH}0cW}p^%@FZv2R)tD!0Yc-FE#@7C0SoZBE{*!vbs3qsF4r z>OdmzKM-a9VK)`NQipit9IaVwd@VzMwh}C>A!w($r7AygQueKgbyjSzdu5|ixrAWy zpg6XfIdt@a!T%J2J_~~~uLV`k1OhUSz4J%;S=o@|T~XAg96rX&>7?TC2Td^e^bFvz zjDTI122DZtiiS!oh@{~K|KEdgfo`p)W^5_rcGw;nd_!cDsP^MtZy386jHuzrSXTfr z$gkrW{c_?F+ca3l%97I?&1~iWh_V%ELKAmon51e~#sa2jLZ%eQ6A|O0?J#<~-KNRW zOUwd39Xs9h^B`IC@AlE@O$+Cmeh%LbFIkoa#AJ1Xk>RJRruR_KZ zP|ol96Az0oomVt=8rLkcHDP+yXJ4;JS{Hop40JFYc-mn7zEp^s3W?KlD#b9H8?(ZE zy~I6}8^wkDPs*g~%J3i;PZYnKi)=Y_9d*h!pTFhlP=)nj)=%(fMkIFtdLuKJ0d|C;f>J9^j#6(VTDkS>_|fP?)pw^b$R>`#IppJr3o^!&DWd7?BA0dH1*1fWgJ)ijVn2|-pXN^XvoW>5I0A` z1{}ZyM}smKqtYn%hw~7{cvn%gDk;S;aa8<)^!KRlx61H|Aq_tlg|B!5flyrwP|kC| zBegMR?ua8j?R_DFqPo<3y4}HAylg7CdX)@Oj$mSx=-hO{BcDIk)CU(=m|bAE-ZKg)X>e$Lz%<9W z`0{*e8u|<60kzEoJ7jx9wzw^FJ8KdX*X^63w%XoLy|eKbyBjFpN^r0~ib>}Y6u@}z zy%;aS|))U`W zGrld4ryOc(ljxg7xnHUxeh0gSSBfsx`|c>q1Qto)x->|3P&Ko2+CMbDDydeGz3Y)1 zJH0o#*-BhS4SDaP=J8Guz2M?MnjHb*!u_tq3S^`qE*i0u_#6E8IvXaz-%>F*QFcdd z1)QsGLMKjF+>2-e)3-{_zz^!;rBQKN>TQLSg>~zp?mMAcE4J_DK3vI#69x8q8PT&k znwoU$mLg$eQg^d%(x^z1T1oS;t%4i;r?a5tZ}70s&c9FSn5;()nWyMH4Y*EXx!7MV zyV_JA-~|6v+Ix2Wd4CE{^`ZX|WU26;wuDqENXPEy+R2g~b#sC;X?xQ#;WB7}Ea;?( z8KU*5`>!pgTp*b>zXEkNY;GH@7L*8@0VT0?g+)%t%Dja#+5)Ps5P|b)O98)>JfFFm zc>98ANalTBcK^2Plp~L|)UI6Wz9y{9G&Z1=i#muId$gg#W2JM^jeAJ*a9^=&-&+pR z+3K=gCly^g`D7U`;9OS^wgG-ls~4C8okUj@;O=7yVxH~wYK)8^?l;@Uidh}&bs4tP z4~$CpnlM7Q%$P>l9e0l9p{@#%5+`Cl(f2~g<3)x+gRMaLzErNsmX zQVQP{zADZsbsku`Z@3>3%r@y_tXp7hCGOTKg!Qub7Ap0lv6>Uj&2~L9-RYi; z{p!GD>p&VG`iK23365lR*=JT<(J616s&%_xZy43JGG@0PFi|KWyMKpMgo`4dHO$2Z z`!N%m%_X@I3FiTF*i2-K5ZIm#LP#Pc&)xA3e{FB%%80xfY`EXB758nmttazTM;q41XHlMZraJp$bkl73*sN3T4fyk~L zRdmIl{wBqD+8Uxli_vYTBHuxMm!^tYA#UwiO}Bw9< z!64WIgRur$Yeh_ik+MLW^h6`(yA&W99DfUIK3lb_Wl@gynl?uvIo3q&1LmQ~?NrZa zv4z=TNU2nfkL;6#nEQt8)&${-$LP`=RqI(~323~~7(!v@y0EY}MpKVtHk$oxLk#e8 z`gsrC4Qwbw;4!d+c}ah-8Vb2pjKBRL%=DCktuv&wG+;py6>JnBs* z-4q_5bm~T}QgnMDv`Ux+gA)-AWi-Hl|D{APGT7#LMbeAzy;xlFR?jn$z+XI5<$rr) z(u?^^?R)O}>P??|QvGDRLi1i8DMzZDlhJ7`-JB`|Ds~e%sl{G5=Q@-w-9zgyiQah+! zzt1VA7loe}c=V7X!$Rvdk~aLhn@WHh3ql{3VGV!sJIj+lBjR|O^JqPBE2ZO`U8_T< zH+&^6WW1OblO!~+Pjnl|o|7an0T*$O{>rD{Loa*40!#CWRCN}^bw>THQ??5u-#G}; z3e1~H29zI*QKUl&$*E7LoT~A z4AVk04D%NXTdVgiH>si{K_$D?iU!;``6_KXpjop-`{ZU;R&l;caA-Well|+7J$+n? zCCn@}-3MYrrH)+gKO7N_7aebaK+nspxFq^ylFg45GEcX-k7tYXdTE)LjVAZfr%#^9 z)rCy}N6A>2uA@ntOb&M_83MGfbSI0h11EOpVTD)!$D#NW6Stig zd_We_upwK^(`bELHkyWj>7wSBk<6w0gZ3BkE?Y$AHMEPTPsrl`U|^kIbyimF25nJ= zuHwsYy~YlW*!0Ae$l*mF;TJp|jpP=pX?qgE3|(}Z5j0FzfEoK$si04%?ppE@-Sn{l z!RHl9dqMM}z9Ma2xFS@*kC+_Z<3aZDrpzl!LXwjaDz&X}>$cGI1(JIo_!^1iPbZ~v zr;f8mXUQ?0Q&A@J2yRNwj$x@%Y7HE6qPfiL4b!TsMr!gx^mphQkWf#Q`J#Tc3=(xV~$Nf>ghW4rjYp% zLpPIA=%(|n%Zu!RU{AfgNpiRwNHsq+Tgv zmjz|ohad6;NwD#UvSeYz$raT9^6CbI2=bh4AY1khF_fi*!qKt&r_dMDD!d0^()&s! zQR-Dg7>sSl$8K%_y8j+i5H!!e3rc#LM$4i3LJ>8+R2FCssQF|BUbpXDx_+DQunE-^ zO3{N|Ch#j6mKN@Jj0hBn-aF~(Jd@6cKsEi0aLRky$Y;uzj&pgg^n^DKJSDUD)3G!M zhrh%+YF%v%g*4`*nqKm90h9fa$ca3g+P=$F|^K28?0yHHmehzCYU7pUJmsrZfYw9^LOwh>*95CbQ2 zE4|xQ%@3}dw#ai~C+j3mxl7oz$}}fCW?OM?uxXiluAG?b*mp2Aivf+$E2}5YpB1uYbENI%T0e4 zSL(j-^Nq^_J~|#kw}koNyp^yZeJ9qw7ZKHqcd|_C3O(jWyHB%m{ZK}ee_lZ1pYwna z(Q5hVul8x*=>H7@bPDZ0MdA?CK`*38*t~;wRc>y`V<)Hb(5no;KlVG@F2D(ga<~)i zQt|hF+fl-e8}iDEZb~>PO+U3>;NP}a0;T5YS`LaN;351a^eR=(jC$Hj*zUd7U~y6> zGB)x1RxP02bV;B>vBB7FVr5?JyGd8}SgMOL!cKcwP49dr+!-9^LRRBmu7yQ04?$_= zS0SDd;vJR=b|+8sdKA#xY69@EjtW<5bvw^^RE};+^m<1tZJcwOuq_SrH`vr@|5Vk6 z5HDQZnSCQhbm5KMN$8eRJ> zG9eAh)r|k30Wc zZRi+1B`YB^v3bEtOD`l?q$o~}=i0pn**eYQW^zu9_^y@OOl$G>loqFrfS``zSVv4V zP=;OV1aNeDExG_#{&CgR*^LO-l1C0QL~@zEB#_5dAE3L@u1p`AE7vawO5yZ{Hu9T~ zH8rVa|6qYnAY64s1w6$kJn?Nidkhp=YKuGby?S0?&yZ1fp3WPevb_>j`icvh4=E4$ zRhPz>KA7=9^@sSQt2TmX&E(`S(Az5@7hSeI`ZqUmt5r~*iT!mvt|+i5FOwfq79~`d zcmr?x7L=)suR&Lb4Sj7Ob!PmqAHqSAtDK0(9WH|lbz9nvcJtB>mYDli-uBwy0$-8K z2hZNOFSho=RFzz3T?R_Gve!9{{}S8JqO^;%2GSpY2t^N9EV|OCs|9>VwWHF6^57C? zH6C39?ex;daNlC0og50T*vdR?%UDRFW!N{$t$bocrkNWAW&<6ulJz>M{)!Ie>McC| zIvu7SEnV`viUokD0bEp1l9*xnwh`lUwIa2< zE*^B}Bdm;)e7BDoNyzj_Tv+tXXQX+GPr0uAN{wj6cvEH4`020NkILOukWLsw-o@Wa zP@rfWl}9=n#@CA{UL(@~ipznA(j}=Jy5jW^UnZ9z$sdlVT%imtI~$^5K4s zRMQR9KUaU#!n^k#mVlGDS4V*J`}+v;ePAzY!6!d8stB+|By*$sz#?T=D>RbmHwg2q z^l=va;9l9_g5U`hFMib5?)2BjKOb+I;yQgMe~<+J7Ql5l2E~qwT@{$s^igHc=8J08LH$2nr4Yjp99(*Ppib@XIN^3sXR!0~D&PC+{F&Y5G6 zpG;m8-ite1g7Q&EvNJAIjc47_B5?YTO6rS7-isQ zL$6}L>>|3p%OUqzo5ap36GQs+ahuKgmINPn@mkUc&(!%Mev1}5>G{`yj#UgUKB@^K zK^8`yY6EVCoR%6VLC^i!I@gGxE6;^Qfu!Fok>{w89|*zzheefaFg*;Fp{(l-4%+5z zBM1=wbboBjllyL+d`l=I(@uQSjV-x>(;a%5KowmTt+}1u1+=d3dz7;g!8vL?+8q)` z;kb|~TLpHBdZ{(5?R+%!D>wl)yf&6LJP4$~4qHy_oNI=|+1H}mWXA)bmGW`D^3!j2 zX5r<3*L3_7@0%x27*v(=iCK(jT9cI@7B!YFhT^a$Sj}G18ZRWYv*r==vQmW}x=!84 zSgp0XNDxC5De9+4- z5|g*x;_ORNhqqN(GcYo>fxf!*$Wi7z<@R%6vnn3HJ%~{8V!K1p5ZNu%;YVqCyF+&3 z7pv-RzMfP|uIB4{DsPRHfob11#nR7ma*Np3>!8fsdSaJ={WGBjbzDl%2dajcyv3AA z00^??rJvO=3{{!WDr<`?fq^6LXPcb5xEC1Zblz_psq1pfRT`=oA8#niQm;buSIDLj zD4=WpemSZL>f6Z+B9q)QTrHgLP?c1DJ^#+0p>#pZgA~qa9s{XyMzyAb>Y3L4eXA!H z!#(W4PhrqFvJmbGO?QE`L2wKqw*;5oIgG{$VB1qTiClQa)XR#;|7E{HU<`H$x?Dx_pK-fG3gS0@(-l;*C;|YqBlpXgq98piC$s9aYv-+r}=Jf z*F^2L?j?T+^dv+OLES11Pati&BAm7FJL?xk(Pw6KUbqa0ULQzcnYZt}K!~yo37t~H zkIpu7yKJ?Hx5bQ$9Aq)dA4wx-x@ot@{%{+D2p|IQqFe9gvDp=rpfB+C+;gRgi%2Y* z3>Y8H^kbR1!Ej)7&Y@ofubH(Bd{BR`>PbIq!m|~oIZ)~bAaql4C2a#~@_arzv8sm{R=!(B13J@B?@jL~D=xft&H0N1X zmt1R?$T4yU!+1;>GPo+ov9AzjllM9*ANHG!lxN}^ImdJHD*qk;Jl0zhox6f-{0PSFiJ zrezIqRLmWtoh6KkvLPhoWF=4?Z-#bxHhhb3BSr;794{z(xz8wa_dSj`>_kdLbxH!Y z&VOwi=(;QkY@}-BH7Snmst%=9yK}G*pG@eK3PmoNr=Dj$Lu@tU2WVJ>l zqOVle%zM2FtG4A5nO<+w>-fDvhzGE2QLbWzWB4B;qzPdu^SS;0lBbz;4QsUnvOq&? zX{(xge*NnIo)H>EsEP24LF*V~0Y8hhDQ~NwV7y|MH^1Ee^ied#rh~z)Klk{F+cn!U*H7usH+Lggo0PgFoB1x zS(WC3vUcF9hrdtT!5p3bqFwP~ZD~*NikPoq@Egy#pJnAM_Dcj$D@r9OBRQ+)V3b^f0@P%sA&_tkw0eZLsgq$B%VvR*W_##1dn6c$I#MlgfD%$OJUCvc#F%K+(;Ux0a!w^ zY^{0gt%W3@)nN{)3pH%IK#*h}H0H5VjMqbgCW-#lmzKL!RA*`VJy*8G*?||Y=JKs$ z;VwZ3W=!i`12S6f6@yFk*`bxp%z^_cZH3j}m-lQNDK{p9_+-0qaCf8Jb+OAy&Pw;K z@b7FSeg16#aN4;-Zu*oAtzu9;AQK7X+Kzfj6Emeq}WzV!v0t|h)Tk1wZ!C*mOre@l>a1esPW4mR0HKRD3mJ(ihu)e+f|;p%%u zda9gwD8YvC4bQnA&DJ&uY#)J8%+7p^7((APu6;Uxm>?z3ZQir&m3@mb_e<~Lw%=i zRoMCnQ*Bo?rMr6Bw;qf>YLpLjd@uZEYb^}j^%t%Rg>53$hGQc8$uF9$HTvmxdl30W zu$yGZIIop^f%Tym^1FvN2B(BG+gvE#kDoox62iPBz^}?Y%+;s`f~Q>JKsWs|U+lcX znfebu;FGN_pzl=VhPIa}X1^J>O$J;KMqud&&Z$^rvl^L^Vw@#`e8E8;0l`JzPfRVB z{NQ&`iY}F+Ytp;Tr1__`twbi@<0N9-mHEu)HrSv#c3K@rEx5aZ#93eq%3>K^oG}nO zDG|RBxp7fTHf;x7Mdl%N2j^weEvJut)sb6s;_;e1fHMt4G0ar-NQ$B!o#S%f)iLcMHc{PfiRYMAFFgBRAC|4h4 zdmN&QfL6j%4SiF=fc2qu!*ZZs5$e_AO|He7L~CdzsV%bqU#IP7HBH!0XgI$ONpVu zQORYJ5X91MR>VMAkr-{l`g|F?qs0QPu`)}bkjAoop$I#3*Fz1`o*{YplkXSZbrmww zhYVISB_5F66?VLAV$N3ojGNs)l6_9pa?Vu$Y_ucb4EOGGoX?_){3fh@ZFjJuURp+o z>Vx2<#|+wjRY|uR0^3Iy#PNX^Fl<>i6((?Sr)EN_N+uHDDvFhsgFnLE?iCd2dvnmh z$-j#cr$)K=O6z~rJ^KK%1Cj_jUA`#b%SzYg9TRWG$eG(9T-k=oeEb0H=m>)=Tfw!e z+nKU4k4VkN$&hVU|B)ET1#a^;WFf#L*PZ@43ssV+M)n;);Z^3ZQI7wZFJj9BIlbfu$#y_Zv5qtN?7Q({ zl4?uCAP>zuHK*iprO-NHd=Fa7{rzRnwfjxLTox!?Oh}spd%JR4^@spX{SKU`%F-ln zw6!?k2Om3Sbg1)DjetjB(N1(Olq-vxwlj)1xDCEEj1wV10~Az0>Ot_aPat0eGz=`E zlmt`EIYjASn*SGMIf{88k(b(3i0~6kv6ip9iaRVO>6pL=t=dmkH<=Qp1yRgMKG37> z6UV41Eqa|YKWa&WVK57fReRouQL%61SV!ohy>MdWgm`+;SvdygSOcZ zyo>_!kVI;2xid9P#~y_g;2q0(@J^Bq5q}Qm|G*m*`K|=Zn^h}qWFHgrIS==@HvJjla?ezsj$i;6b_-(Gz>ttB z=sEcsUBxRB6t%oe@Gnw524UNV>XW&dF?TP=`QM}~{=rD4#(}iY)^h$D#xknHaUB&c zB00`40pZrAHJ48CYjsqe4Ayf*yS-X#2Pq(>3G7Xzo!etZk zFc7g>k84-@VslxY|7|qc-mLVVEzDVbRKY&=mf1Je=;kKMW!*wL$w!s(_9p|*g93{> z-Tq<8mIY|NcPDDVtO6mu;oyCoL%fEd-3ONawZI*HN#0xHkFMLWn|utt@p_r zWph=hM$des{D{1fRs28O@vczBvcaB(DbPwFV&yo%(Z*NyRLmg<Q4MBPGBl|WDg7U|zA?J8rt9{^wrwXJ z+eXKB(y?vZ>Dab9HaoU$8y#CW{k*u}H}0)JRcD_u&fc}EcCA{q=9~vc3g5ob>Rza@ zx&eszf2u>Afng}92g}{3CW5%@6DSyqkeK2lSFP3*^@h^ci2(cH;$16!Ubj%ihL7c* z28Id8&VK;>ILda^89v{@^3wPevoR0<1kx0H=SLwTPBRhO%9kt+7P1f~TAMHT5lwU! zL!|?!5~M<+`H1ed@f$-U7VQcgCKtL@3^hu6$0=VkBZicM3`Gv}A6!@r8qvIzbUOef za<-K1)pysPb_$Db{~$C%!{@GuD4jFl>T$(055Y5qheeoz{^$JfudD6EiBq|`F;;XY z&xAYl992k%?8$aTNPbphXcyo*K?U5DASFVnKYDaa>@I*I_#4r!rWTaC#u|#cZsOD3 zlyVUkV(eiP(2lstRUxDS957p_Mq<0U+ilMa@fj@m0l^lk^#gqHVS|&NM+AIj26xjB zG0+F5IXcUBx$UNbVM1$#$sLF!l?P+aM2&_#w~}g`!p0}@{aho%6&MNg)1oL8_E-q+ z%1r+=xT--~DB%yywSpGx^~AR0pSEQQzPXzHg$|Q0JJj3*|B8QSfRv&TrAvA87y_x& zSD3Yfpr1!%h7o-It7?o-+Yc7`^7;27gqHj+IF(6u=nc->BlGHlfl5?6MP(47Lqhd4 z4tjPB{kO+(S}4bI%q658zxvqW$dVSxVuuxsW?`BTo)J`#yf@T$S#bOrQJk5ypXu0} zDEq%@mMHPfs898SX$c{F6l*9AG%`uG+lpGlApbvI$kzeHJJ6D;B2!47>(4t&r8u#E zH`v{bT;md^&dNfA_@K$l6&%G%C9e$zpBHsRDSB;(wDCt+2eQd&emL6hB~#is#Hd4& zCb*Cu%MU$VrQAq7Rm5FF0!wIm-oP^4Bl$M-DVc+Y~21H3{Vg8O0m;H&ELOOx&x0FYxoupi;OH zckq8scK*J*sysm(mD!Dtm8=#ImAV0JcTz{A)lWPk*$uadJni=FF>*hweX)jvpjnO) z-x{!V!9?(sk*OVBGN3+lfF2{6QAXRcj(Rt}1#-IUZIR(XH5Br+AR11Q2G- z8Sx;v@7NydBaJ*NzCLJt@}HNs^qm_N=xu59H0ReEemTg&E6Te1i+k<=GB7yx9ec0XsY4L@oWW6;!_ z7N5LxK^G&m&3e>s3_kD49u97_8Jmd$sb9u9tHHRDCj|ElzyFrNOKa>cI^2wZ)^C?-Ja+x-ok#I8%x`E;1EiI)dm_Vu2u&+9NlJCq0p{EG;q zGB>|*gapZ!&>>DZU<5(d53vBnrlDJ|vJN`5qFQZD1v-Ug(-K~CbUP1EjVIf?s8H(e zh$+VuBkSB@PMg&xEhGIwGqcV*OqrLU;kJ-QMDV?Q?#@R@9f|!^TT*}1l6DCB{IABq zwAYl>e`HMlV#dliNRki=>}w)DN9Aw*-&JoXS;6mm0%wGxaM75_V+ZV2|JZ9ru@kRN zTZxCoU;Hp(glP&b8^Z`}G++B}<1@nHNkfNilEO;G1w82k(4DF8xS@FS+6;5vNK!3I zlWmB0YxgqG2ARvO@W3_em!_(r7{VmZpjf%SLu5NM5}nd$A7AO^`Iwru`BrOZ1EL@r zglSGyim*UI&L!jdle)OcK>0F#jIqBxL;Md3(U$z8^-z%Wze8Yn;`J@gnlILFrAch( zK~Ua8TpX5d*q?(#d{2EH={Lz%2*jHOJ1-suqS9yhsrnox@9OiaO8FH1Lhfj}ZM)3T zvZ+g0d4l!!vnZS|f9VEvxN>lh_}vn6b-wmV6f`%*ScSXY{zh*tRg=6g9b?XT`S)P~ z-zV|gL{J@PL)Lofyaq{YK6{nyEeZZ_-=_;5I)BB?-tQkW-7LE9bcX`)}NhCVqkIqrotXC zxbDao$|cbco9uC-44f~)^QY(&5<%ZE=F$a}V31W2h=|Cy2i$Fg-7U~T-6XVl0~A!` zevm_JWRY8j`OrYKZvzLgsB5Wr);p)sOaFtm0F_M)W$h&a5ZmJ>dHH?k^&4!+mpY|D zz+Vxu-UF8lePj(*irR(W#M&n#XNu zd19Le)e|<3ujGY$`l9~k?Mvq>k4B-_qUU{512-iAqDAn*vffq2B2yjLyvb#)Ab7X? z8x}l7amz{e35h=vi`A0SlviKkoARHSR`o_}L2I9pEsafRuD0rR2(W>B*XjHB)<^38 ziT1iLj;_nHFUy!`s7<1S`lX?>!a(yOor0j2vB<_~5UzkHJ8XRQv7F$iEJ?kPH7&Br z1o{lpyu2ITw`{}j$2jX44tbG^vq{bN;5Pg~g^8)qy9o#E=LPKvLMEYmdjv?oM|MVx zdCM&RITa5eBiEL9ES zW#)#yE|DiQTWBpHxVBPwi!Q=EBt4iZiX4a%(3%L!AH?gDOK%wlM=V9Kr|8O0w8wKr*C*>24#`6M ze4xBn?=)00(TlHI+ods$me{%Tg~u==$m~zAT`lwlvlkObUnlfmkTW6XEjUA=&c`@PXgH{6xo4L)CxA>Ui}0m*`e_*N9~bdgwu%soDzYnJUT*%7>Uh=-icq z$lBuHCuVlzrrwNLjkk9fKy+);0die}RIAoC&aiM3$T~azHN(QP^le_o5?n3Xff|l2_td@v zvG{qfXu2NUoR^J0yEy&XaGs$@U~PzMhOCz6{$kOus6Y z8Q&d!<^Vg*=0jsCe9<67)4l2wDJl9eGZUo+epmXia_w14PMfbdv^d^FQ ztH-u*Vzz-yg`H?2)@No{Us(r{zM51Bej0w_t;;5)EQ!O_m~%9N@##8U;xYx$=B28A zZ8^~)$jdJ(v^bN~4va_kbxyal&rLid^VfeW}m*1hc zV)N|DpuI>e(Tt?P($bYmxCvf{8)9l*{lS<(T6G$T1JgM0v8^{0o%gN;b{hr9_f$M7AX$JX@6&DKJtZ*cKLM&336e~Sbt7=g<2A<07nk*Czugy-MhUO{5!S^ zp0SFoL+F~^$6Fm8=i=?&TYBM32BLxq8b&OS8S=89%=999ACv?UgiBSEhh{rj5_vQ* ze_FawHK>dglK_@Hy6QlvfMB)5*5PxrnP+su9i}v;dcaK`;)VvsJoq68N49PN@-L@n zY_M`Q=>LkqA(AsUnT4h7?O#C!Mj3P?wcw-Mp^@#P}GEN)3I0trkeGY?;nDb(3u2*#}KQhqcIg3$W}?UAklvBEewhx=laj9d{4OBpZQs$5I)5(@vN z$Pxj`>QRYuSJ&!cMC5~C9fNVDN-~ENkVFwl-rfhA+?g+BUW%w~Aj6*r+zn03mEHI+ z4acc^2l6-m>B(MALSkHfZ4jB+V>nmrMO+-&!)QK`qo_MSYV!AITI#>Rn*|p5Pw6&a z)YmV*&|k0(FdN?K)j(oT&3AUhnd6uh;xMa^^&!s)m%ji?Tmr%4{wXIaz0W1`=Dj6`uM_AeAWVJC!6Ssy3BrMV62!88F}43I6e5q{Urc~g%;b3#vDvakZ{wA}Rd z-N>7L=$j!T{(*pHj;914E(ry-U}Df$447l&(q<0!zXU1jFXMZd8U>;P1DWsET z-VOD?u&Qmlwym&29{R3y z%v~8|Xt+zt(IM+T2YJq0PpvPHKgr=~@F-nCepS(8y;1G}<{13WBItBL8)rjHDGeb$ zMa+ijn`)8Wt(5eEZc%-m#0J<^h@Yl~(K{-FJTlaqx_dX(*W%|S1J47pGjzuz4|mz? zQ!X6ywPGo5mFvpw8vUEbs(NZxo#^rx0p4eed-)CF)A}Ot#B2c#^e~&XeH`l-*HrD1 zuKFOn$kZ_GcU`Z(Z}qun7nquz=U_-feE0Uh^mDDIW68e_=KdZG{eOi1SXbeVGh-MH#f&M*;=!Q z;a!(%xq=A4x5tQ!tUjdoY;azGQn`2)Ffj>EN~$;qG!+5fz0aL1e&7; z!X(Gm+y;cYNZyP<`-H9l?vgTUZ0p5RUq!JU#_BjjDGTEJPhTcZLlbWhh<%3Ojc0`j z!nIv&O|Pt%Z>p*%q|kW{l%M=?Nqw4~$@6ON#!IT- z1A(O&4X0ZOuIEAFcqE2j??Po*eLhP$RS|g^>^Nx&5B2LYrtF;*6 zO_1d`zBoLQp2gz%9SEJ?xo6pK(&k3|9c939)`+;WqOmg}8&T_{J`t6lj&kTmk}mDR z-vjxB|KvFvdL>q)ISma^a_CbLvs2OO#TtC%!4IZJ&?GBI=*MnFM-EhRUWX$m&CvRc z>QUWOpsk+L%O^`fPRUFPDPwR4*5^4|4ijbuY0 zr0lbG8U%WnV@{ZlRN**FH*<~_owQXrJ~s2lf9FLK)+#s}wSB{_@fMEn z<=I!waVdh|l>)EnbHE|*O-T52`8)xiuL-%?`UHZ6ezR5KHCvpIFZ*Z94Y!0&5G1J6 zH_vyH3P(XM|L#AEo#kL(AoDQ~oq~#`hOcp2qwMEIW(KRl?W)#0jF@lmK?aJIRYRqy zS>i=6{l<{Ef+Dn{QHh?-t}l>enQ*+960J8LXH_>)!*Rj2-~BLzzw5W18x3QD1IOj zM?)#fpQR3xrRo2;x8f#`oRc0)CWbU?icAmym@j;GTOv3F4(78S3h<2IrW!>;zRErg zvEpY+7E+~K#AO)=X?cd7;mu0pud@J|_*QNUrX=lVpWg=w@8Sg?8aRy{C@2E(Wqe@Y zz42_6*QD}h_g7B6>n#2I3aH#a?T*dM$X5bjP_ZK!cqHz0)IYD!^Lp`h4mL1Ma~%-0 z7IYEod%j7P1+iVq-|O=7;g(B5zQxgk)N^r>eF+rYJM`huv51-_L**T!?`&@Sg^4tp zYpzw3+L^7-?d(>*piUC@NV|2MN9@SMQOxfj{R=L8|6P4G60+oD>iA$`A&l)~NYel* z+`ckq>bA-AX_a(`1JD2WpUK~d39@xknXi`tE{Wx)8b2tO`R@1;of)iw1lk>4Ia-m( z-N&qPodaLKix&NqFkUr`+6N6KRFR&B_Np>0glLHRv#&kEg?=H*Z0DJ#mBqim)s(1dqz&aeKkn7bUAQR)< zWFY*HLr-j~QghAYHV87x#DO{IYf-!AY2>Zrr#ZsetQ(0T!2_ULZuh})y&A1u6$KF8 z)UlK;$`&;n{BS4KJX#8ctYTuz(Bv-zpOpB04 zfG3OXZDE+08DjXVcbj)}uXzX={MA2wNJr4{h1EY7Cz_bWzK8EsUjN`+T zs{!H`NwjjwEr^hc5xdLQYG{ms4gGF26)ci?wVaK7kX=OUd+T$qC3+AED^^uO;g+;tlHmt+efE8+z-k@C|m zCJvk;+xVc>12$~N2WaJqX_Zwgevl;rAr@Hufr0?O6g7p=oVv_EB7_bP_$y9*#unhY z>sBUJ)pSnPfPl>Cx@}bU=<|Ml3naTb z=^0vf{>o#c<(RywHDW}wXuqR7Tlt3C`5b`cWv2DmqyrD*rUMy3WVm*G15WeM9}hyJxgRjX!w(s?mwv z|C?f4p!iDo=$-h1MsdEnpv*8^Dx|-mR;oOc<1jwUEy&U%k)j66sRt~zmZML6S2_(W z-TnExoE1G&)@`m=Ln7=VkLRn@7ba_v#|-@){&eu6t>)W{A)x`BE&fsa8I+8YUyCa- zj|VZaLAoTAYWuTh64I_F)t5GQAd;-Yu*2XdDCd{wrRp3JPRH3!>$WiEJV#sqGO-0* z!CWo@IuUH9xXRCqIW!?K$7ExrF!iSZ6WLGbm3*_?Po&Tk=xZ$i^y?scq2B2m%a9k(oph?#M#IsFovo8z^9!nfipOe zPswjJuRnAJ??$Ed7BIohxnYv211_6xQuzJ;$@q8Wi(3|M1@~tkTvZsG5*x?5I)>EW6JtC@#{grd*kiU{%(lYxte5Ko*u%OVFV7iKz%26WJH>Z6m z-}A1cJyX3nqCevARN$1jsO7Y2H^?Xo8QD&MnJu;lU!?w9hdWnnrInP*#Uhm$?PqDH zMb?m%$7nnQPmvDBt;dvTO*f`-B8FT)=^WK~Z-Q}f@$!7xcTh%UGjlBCjS2*vzmQ{r z!{9Z~4p?7Pi##k`p4C!+k3Sd@RpFV7qOn>pVGV62-B|w-@%YNEhh~C-46Lg_o-U!? zpgSJ6)JHQr-O=rS^yH1J%JW98mQB(lu-B0F3)h17!Uu5x;9YHkGCY{O&7hl_H|hna zIgN}L>8#}cL`oE#DdrOgbngVV{tC0U6e?E@C>Vd$Q6%ecCn%Y)Ub&gKKNzrW`$91HSaAhi6%e(!w6FhT4Pd2aQ|Nkl@tY)D}S5b6A9RWnLnj`mH7Ri%BmhRI>4=#9Y&eA|Kpj0eRIau6PbDr; z_GZHB4iXfALE`i&=q4E1LLIys)|XzH(;?hc z`#y;dG$ru&X#tf20HAPvm*cM{P@Y9>bh$lnwYYkk#FMQEQOT^W+uOQAA^T1}5Aes4 zJ{av5DEUu}Mi6~yf6YD@O3|q`w$VZY`N8jb!z0X;IcCZio{Q|~WIt#)Kz!7RG^<%T zu^ZyQihm3~!?IuKXX-;3BXMn6f75k_svD3YH}(Z`+2~uxEX4}*8hz835>%RjG2LBd zS5tN9K#0+c)z&oj&C|~PERKmJ^!u6uWbhqph-`>73#x| z^&|JeNrA&L87nxv>@Z(4!UB7|rezN~R?5Bd04vHub^>?HE;lmB?+G>^H22*}!y0(B zI~HxK&pI$i9wyWX1EcA$+MK?8+^gelie}Y0pcjrg~syZ~JhmXdY zuMt?90JQqvj7UZg*yZUFZ8gPY&OECw8U|qg?G|t&0Ey>~@an5sR=U9FYds~Md`u0K zGI_K!xpfITpl5H!tV0fJr{e*97gXQbNihci(yMvU6DDtWSH>D;--E_ptExUc1_zhN z_HZ%BmqUL-5zU0R>Ko;K#N(~I^9W~7odid-kM`XM#BR&w?#lKdH0R%$2(|p^o8kvT z#VrS*kNdhepbo1DywRMb5}}siCjd91D2 zfDP6dU(iwUxSjT8q?HAKwf#xWuz z*l#0|JGJM~t6hO*A~@UqWmgb*nJ1H*Tbbl~5usV->TNG2z^06ZBY71F8hXeZ%dv1G z*sC=s++u&MX4u3?N+qw?CisiZ#zq9hTh^iCgmXHuBcC%EUm_!RV@xy!fg`J9L2Rl& zil5)n!Cp>Ox}1*uq4!QXgp8F;wDGAN$N)ZSWuLh^l-OhgxpriV9o1a9N(y;r+p24Pcj!?9V`+`1>BsrysOANT=_zFr@VAsRoFshUIF-( znGVUk1@NT!m)I-}aWH|NllX*+Mrh(Zq8csdbQ$S8nRD6|2urp1aV)nK6VzeQ!Ip~W zYO18$7%z&-Nm_o4P9&#BHgP7=3hi8*zU=J7k%U7ePbx5+!%R((tPa?@XgjwUYFR@N z8gc&OlA;t(R45u(X}L;ZW6(N=U-F)Y2NKM{c4DC6T#L6ka~!wCLi|SEsb4(?YB#Ct z{;D9FcYqmg7aWW^V)HP0*i8VoZ2COJ)Gs0N)c1%Ef(Nf-J6c^+j$cy zw@)1vO~Tr=k2DNLdXhIjdv29t8Tbf8pmg+IXoL8rvupxv4%Xd}ZjdwyLUF5c^{Ak} z-)imNblN})<-!t;OFkFUO8iKVHLws$A4lORs2&S&&Y4XI6W3kR-hM8RZ^gYAKPSfi z^<|8IN+jDc^gxY%B8UJ`wYbgf6Fgvuof~snh3Mtao54P)L@hdG4vJ76P~G8FJR0!-S|cnn4Y)LVX7{&*s&9W2nCSL&eUD|NU>$2RJRG$*v*?Abavz5u3$#X zIqKb5O@m?s+la^C_ozc{;wwRZz*hSXW=j6dcm2(Alle`{l=63qSKGBSd7icy;?|_v zmmGeHz3ASq$BVWpKXR0yC`ZWvlF+hdDf;joX~aoax|^B(-}vzZc``{@aJFoAfNu~K z_Sy0M9QS~wu4Dp5e$h;XRohHCKt0Uk_#X~aPz9E${LEsN9rV;Oxt{#tX3_nx?qer= z=F&jw$<$Q%^DYVP&}HC3E6wZAyD^t9GJ>(jkA%h~RFEk`krxSK-@+5Ut537!O4Oxc zlD?$ZwzGD3+T)xuB^dZPA3^VrXotbtU8V)30SpofuCZ=fUQ&tqlJFh|)$VGH5>d7( z1%g4)3sz1|GY_w|L2q~{iB;KtqS1%mAbhcF0uueagY^zzumEh>b5qowBV3BhhZ;K4SlJn>*d3U8Rce^Egg6 z-Z&@=;6P$0{KqJ)Y%U`3%Hs)fWrQGx=weq0b4Vx(IDum6?J1mRL#f3dz>?^p=*}6E zH!xRIL8JoPKmiq`%I^hK%4We2ov?JzP(K!sJ4GU0THw$NxIe#FhMr%%kS{#*IG%YM zc;0-AaH1iSyJw6XJF#2%0qqqJpK_DI$Y=>dh(Ae8Y-DnN{={8=2c`QsXgCu*P(iVL z*?Uo)-m(+p(6nrgJMK~%t*Hgk3nbJZIV=9Sd$Fzs7n9f`aS84bO9nx*RkV#-C67N1 z8rAH&63=cS)`W+2?0u#E**S4LidjWhHv&L5O-5qivu!Y8>NpQD(q!(Urd%byNa zMK@H|5^p6^Od!FH&o0UE?kVh%11@jE_Kb;ofO~BivMW3~>22fh)9+RL*FONj{#^HL zXg7o(iYEp00DzQriELLoEUdy+m-cpTGdDg5*73s9Pz>!G5^ykP!=bX!$koBR074lj zepo~-6x4%gz(;&g8YZh!wNI@lyZ56VjgwX-3$A5cZ>D}HQvl6Py|Brzpk2SA980WJ zK597=-lkjxQS>MzvTj_Hp+{A2N~%bA(E|ff$@FFOr?j+LBD+K~KI~_ePRDE4;ninO z`R&{(1kB+qd-dAy>1~1yOOn#%PBYML=lNe$iXtMdG8#^V!9jfV;#RJ??ife$?;%b! zzOkL~;m{dm#^MGJ zOn7K$EyD4w7jqyAu)h0m!<|Y`N^LLNO2OoXVO9c@9%v&2BhU$}*NXU7-HXFox&RSx zsk~me0Qa2EMFFPE&P%K9V|~Cg!zwuoC?{Oto*!6}r!>&}Oqqg%bj-zymjE82LaaZA zZ#d2~w{~YjuKzA=)J}$A82J3%woNPqF}J^{6bMdMA<$!!sWG-rY07pO;(qWBOME3S z_>-m#w)5?ZbgIzgb#mH1Tb@;iBw|D2*FU^8xMb^JN7;+Zg~_T0TGlc(jn8=@{!%sT zp*7ruLCJES>IUObpBMPYOiBSj!DjGW@wQcjN_DVm&xx7(PHg;lIgr}2$7hAwaT0%2 zo`qFKU*~}4$%n=4O=L!ZB%LBYOP%oHH4Oa>PgAcJW=NIN6L!9{)j6>X@wkF8&8i$Y z<`wDyld8mC#{f?GRBM#>^Biw#`q{tUI2yd+Go`2io|_RyoYW|j@3~4 zCWsfAk^3Y3?Fs(`NgwMR?UdEOBg4m3zH8T!5e;Fbu#Iw?#NDGVqVr;H3 zYwKxhdB7xo0`Iy*q^1wvYE~%w+3a+n-O|m;_4P6QBRe2~-_T7wHazhh5-zKq|)e40n`;v3BR6(Pjdp@0k0ROh*2TIlbQjEifMOf zn65+|dp|mBNA8QU5c8S-9&a@?2J=aTYqpaDG&YcWUt1hXf{G>g7(cajx4@h{UY3(z zu5VT4R{z7Lnl?&V?P~Utya*xdD5Hhnmz|(&ifzi@6iGGIE+CLof2TJK%08X~Pfh27 z*%C0U=ELZ+!a~wNj}I8SeQl$Vwqov6&z&6^tiRycVXfi;qBzy*aU#c6b$$}w@Xr`^N#jK>*_+U64Di9A z27!CdoEAWVF7A|T7~xit_GJgO3fX(#C*3@?A#WoMeS|T)Ic~{IlF7h)a#p_qmpYfI z>K6n6)7G0k0O^$3OLZTYo1baf;o)rk*gKH156-oEWOjBQ$hFE~^f+ccS%atT1uapM z{A958GeqdxHN3aU)sQ+>joo4gt)9Ai@Pt8_nq7gYIE zDelm`Saw@gT3mh+T#uVUBM`e*J( zTdCyAlg?{=V&XG2!nRhO3C9+b;@aEulZx&I7k^Wq2gL;X>oUa|DBFen5n}vo8`iymkFm8z8?T@C2u@VsQb%o zMI>k;+0)@;ns)V#K|JQ-gp>{J!-@Q*Lfw*B8S)D%WkIIqwdvJGq`lpW`~;7BqscyR zD=vQfIW>|B=$zPpl*{UBzbp9ZU+)YYA4fLO24c$;0)p%ADB#Eata(s0>mpo)fteC| zZNC2^xn+@O@$&3jOR=yaKP-SSQG}M;-62i_U?w3dEs^xj$3skc1n(OXgKVmoWnU@P ztjnXkmpwlW->Ip@L%dPeM;+bA^7=hIFcI9bm(l6}OmI?Yh_APgfK*q30|DNH5#0%-QJhxY$`p9cV`eFDBYC*(i^xKMh23w)FR zibVx^={UT07-eJ4gOuB(!PXiR(Ipzu7t)O+O_A)hm9F`R2&RK&ksp$Tq=PUHF(D^(RX?TsNoCwC_LHR+ zp!H6hM&aCUSfF3KIXYw>S0(hBd^R_?iy+gy;(hMR9D?jIStmRd?(&#;FNN0_fLCVv z)Yc-7hkLWcMP&kmYYY)QTN~JoNT>pw==rwZ-3d7_bV|xW4Yy@E&#anuTs>H$Ni1TM zkW0R4cR^_`8b(nS^NPw9j7=9VO@tS_zxyIH3mkp^u8Ff9+E->1B6m45**T&w9u0pb zHvQ9T_r^Pb0AMcl4A7p`SDn$svI5)4Z{ zlO}))iOpCqzY~a2YP`lzNdKk=$~A*gp<=}k0KiSV*R=Ku;M5Cosfjeb>O||BQqE|* zI3>_m99EgoA+&xsXMvUE7Z&hAkzO|36~oQtu}Bbj?bi}OBUKSI+k4$tOvRLL@OqB; z{hOXDMB@iIDvIYUCCm&`{k(B%#j?2M^onoPby+351ByrM%W|+9YKlrKOku%A|8RW#N zah?$hSyo)ZNx`A8g-Ys)g7P!-Ho| zmx>fuvc{%AJQI>A5)-=mmo#Y^c{LC5cP$A@KGM&ofnr^ZmKv!mb@s(TvW2A}h%f7^ zME`k-%CGXrCp$i#hD;A(7x;=M*yrm8MO;u%ARMFim(%s50C1G#GPEa0ESvap+*3sz zFcCANzQt0D7Sny&36_U%@qNr?s&}tl6m8ClA&USlvvWwYx0{FrcqB|!jZ;F)=<4{? z`ns@UApX2sM#ZXV0ZbmFmCiKElYJ%vubIo`lAL*rkl1#1wh@g*_Nz9poQ zdKb{_g>i`e6hcQ<*fLcm>v6wRVXmB=XgpL>*oz1K)@HwZGCWz@Fy-Ap`FT#ueFB9hU_sGVS0n{!C|NW|iAa49)TY+Xe7Kh%j>zVjM4 zM925LPcz-DJwDw5v>RlA*xJwqiKP+TLU2G;Db42=QIbQvk)Oq z87LRsW3lK9ccY6=(;a)}@|{d$JlGSaKgiuJvo*mkp38-NYw;D4yOO9+Pz7=7a<<=b z;CjmW=1vrVNqyB^O~^|(6Gdq|2=f3A3nT0aEn0YGv5p4_qY7sH>v^%c^!v3A3@~|Y zPkwC(gjk%Aat-918TASx&%U)bzc|=61KIKm=$v>xhqqPVr;IwB8=BjIESV zwk=f@eob2|$ENy43*1yoBGFMnJJ%{mXsLsk@h?ptT|tYpO5@S>^&lG!j3!~z;WenARqhW0Lh_n z;ZG$zgX(j*gqQR%maICy6+B4>S&(G`csAdb{P>Zp>j*b!IPaTXpyvT$^6Es4d1FRW zMUlg4_rq}nJ>PX^nXysv!8Rx^$r)HdThZFOSU2gDMj|5~D&;aTE>Q8N6MTFvo!hJF zYfb`4(UvN<}qG+syxfyAU!o%gjuYQYHgc?P2w5uBq^-Y`xO zzui^GV3yA6ODZt36uYtDJ&cpS^Md&^hWy+tYh3J$9jG- znHu?r;2+9Vajo|1f@==}MFA7Y4X*`sFO{{V!u5X4A&LV{KS4CbLZ>3+hZH?|BbN<* zm~}5#G}Rz578s=vGPL-{A2P#UfI20xCcs6Y#XxU#8n`$ZVJmJwc!m~feZC=(wU>u% zJQLRDr3X$qP!nf{%1*(gsI>BCot2FQE9Ja_3IXdMA!Tn}xk#<3XS&1PkpS^T#tMvV zetRseMGx}+4;NVU?fiMxl)Y0UPGsALQFv5IHaRNLqe%n>Lk0jvyvFf(f8z@U0E7U7 z)cZsL00f#JqIxRR_M(`f2FcWW{v}^@B-g{q_A0>Ehh#+;r-EPL!AwjoIyqh~KsZ$2 zQaOfW0-sxuqCZMA#6fV6s-Tx0tHuV}iVDT|L=|3C{M19MqIb?A|6uF+er|8aBD#Bg zvnRwWfsM>6jhz);e=$d$R;p`K&M+4&{rN&{tHgvW3BoKKBUjXN$UD2s2)Jp; zln84~?wZHqBp&b)o`RXVJHK0-VXfWFa&mpAYlu^A#zaTRrQDMEM=?n2T%@3nveD3O;z4u}1;enue%GZY$N+%FN=g0Qh(OrO(GW4x|(c zVZP+iHiCLV8-s?OcX|=}jpIw6)Y=#|TEWqLza22BS2Y5(8(oQ&~49LG{Hup@wN{(e2koUkA!J!8pZ+%R-|P1S%ZQ*cFLVhXtkHxbAiU2 z+6b^2db7AG?1%4*sEw(79VT0>bX>qcIA+aiSce_?tnYLdyAbbSkT|DG1r09a85|Bx z#@&@yV%Vks$eimh#PAQriVK&3h}ogt0f2vt+~$VY7EMlow-xszgi6YNz4gjTgxTnv zRv#quOjm9k05e;CKA%-$?j4Eo`zVSrk+m{F$#26NEhhhPWW{&F+ixW>vuhq8K0Y=H zil`tAzb<_wy@RxNNT^0~E;g=X>{fvo2#Ne?=&h@GBisFwq;hiO>%PwP0EeejR=lp( zB6^F+UB`Y&F33c&P!p2GcM5iy^8TGDfw%}%jor&qyrZYSO~Bxh#5=j$Y5p86i+9T} z^o&tj&-3x+HDVPtZWlLwA0w;Mz2#YxJ?&*ZUGE$kc1$-XrS(7r%IDKXK0`$n*0ni- zY$i^%PfR-Sa zy)QD_f@HX64}xio)}U;v4HD3@78zpsn}di^6|H#PQVOCubnVq}aW~0UjE*iKDX73L z7Rp>~v(hfuk+#}+NPa$&;7k^I`b>~3(L?I*>fZj&VT%72z--5P#zD|Z7KIVhWu`Z= zS7@P^LPUfy&}Hmt6hWrj2)(=EdA21YskEN_ywiLlwy|PQjP=Na+IaJ^e2U}S3m%I^ z`LkurrWW083;d*k|6=ECITOa++^-A!T4W;MuHCzy%ny6wAWYFSb1MG~x8-otzdLnTvm2@Pf8ESqBOQ zH)@%R;`D{E%qk(R5#OS)wyj~Jp6k$MAx}_BU%Y4CL&E78cR-yuQ);qRv|Bu#502^-(7G(|8!ZKa z_=*)HSV*GK`8ag)zHS%p; z%5mUBXL!z#y&?(Nvx^5jYhd4|aSmjhWxpRwSz$D#YD7HxpnenM2IG~Hd#6kI53w3b zL`ca`86zxr91>SP2N!nz*`>h5IT!va1W2fjmgJw1bVU~T@=HlIvmdYj(SUm+K=1Lfk?^)6Q^XZ4uCMk@>>@an_6zE! zZylU-1AZ1ihnSYs0v^$*#m^nf!jBsFIinzi>J#^R(vHtkA7{!x`q6{4dZH8VJd+m` zYb%S1;RLU(CrLkfy|!iX87bT1L|MWPaI@0x%rnP#Ucj#E*&F_XAkS-%cOEq0wz8@5 zGFL)7TFzw?V$P}(U|+b=F!loRP8)JRJaro0l9iB-6CSM5S9!vy9NUiYb}hmFQ2*L- zJN#*Zw=u+s-=*&y^UvhAKIO?=JaH7(CfNo&WbEWF&%)I8Jl4wn__|S^EaGPHH^pKk zeZiYiwKt(ffy3`CaSuv7euJc=j0vrD2Q5bi85dMx;JZp*{_EdakX6)IWz~SXNI1Co zFf1?3;c=evO4Dd?o#R?^yGY{ST06s4Hc-cQ2^|h)jiR@lH#F~yEehp-aMN&A*FKX( z?Pj}sG=2=rG8mFlX(JNBhJ!!XM%uBfLsrf<`8HVHsk^tUO`HW@c>|u_uC%pj^~29B znkO`J0pC6|oFJ6K{uwlun=wiNOZ;}&vE^IN1EJf{lSG8%G)Wn2&SGci6i;ChHu{0k z)wRqFf#rj1v@*G#OzCX&9uX&#&Y%AS*gz-03%k5(EkL8kmNmoht96^eZvA6u-5yY-LiJPy*f>o7uoyk3l4x8PO7JNn3;JG z`sVvi&PjE-gJaj0W&^u@UKslP-jMkdYXRWrN7y|XdcY>(xeacy^T^nMGSm>*UJ1;6 z@3Wccy~I5hNtiqO-g}41|Kx4p#JEoDM2ah!Av*W89_QEi4An3#sNzD)~q3Rxc zP``wr5akG~5xq^(e;v}uf)AUnisM{Pc70-X@B2E|)3 zAvdvKuU{@Ce1>t-__g1QWcku8TO@|$zGG1KNaEf12V7x9M7C|PSFwfBY5su&)R08))aliw@Vfk6C`FV)e8Ec->B8-gVk6#hM_xOgo84G8|aGs51MwvCyDj0mZy{iQu>_WwWv8Q+>lE7Sd-ly{4 z2v$22Hsn&}A_wUszrc@WgI9oEUin={ zK!X#_hVks9QJm}X4#{|trX%6)@}@>=;T4x0RALJy8o`eb+W4C*LMk0fmu->}8q!@S za`=t@dQO3xX-^b@FJ3)@wyh77&z8NBTbX(T%To3z7TR=S1XR+31h1kYRZE!fYJotE zN)Pu27bmDz=G_A{a517f0!1S)WV6z2RGac_KmP>gzh&P%_239H7wsC3fb_FX5%R;W zbfHWobkAwHj{VW!l{41ZQ%y%ri(V=Iw4SL7c*^lwRBI(?^a5wH~^Q$F(p2wbsW+jMy;Ja(Q zApIN%da1*}u|`8Up$_66#Lb+{1c)%#LO9E_fCR-d8jk?V&8r+Wc?2N~H}+{@IHZVQ z6j8O{kghZRNc>q_v zF3u}&0BJ^;-+|OYarC)dMq*fE+6Rz>a<$bI&Q%!6Rk&&kLiCZ1Yj&w0b5sq1 z6Jw$`Sx5qrpQm|4}`jc*~yNffIP3S{85#R0000PbLa#hI{Cl=0000W4Hj5f zfLvcN?*TtYr9iU%ZD5UNjAbtF>c<`ntEy~piaf^DVQE%F8|y0KI5iWEB9m7+qdf!8 zlz=;S*(`0Sf`4JBSdgJD&l74WDkLSP4Pqzu$Y(fqZF-JT)uo0bc*Q+^1N~JM&NxVs zJM+l#X*E?~>?=W}X}`IM8~L}%yYi_TjGF8rMH5(qAbD?SH!NfPqxqhxE|qL~2peO~ zU+8F75N+gw6ZZKwbyo$yuxpw&Z6V?(#G$uN%#ekX5WJ_Ysf5Y*_UnKY3adM9>Rdpi0Uvy!poE!;+=7C0`Q!0Dexka&KWOSanf!K| zT7ujnzOBm&Q_~5k%KH1}qsDWcH3JDzyln1rs7K?JR|2Am7{IyC5FRi|s-`|&1bHlQ z&k`Xjf?hhMm273~rTiuxsUQ5uS*}^mW3cdyAi0res@ySW2)l5YA*U%zE>8L3P##nS zl%G`B{SZJtZ_p0vZ-Duj7M?BhvYa|`3CTv$sOS5~`@BI~8WN6yTF#lIpueWtVv2ni z8{rX2p_v*W(9Gu+bA&|;s4)ieVaBQwo3QRJEvN6-l}l6U55{a~@JS)8pYY^e$mvr< ze+9+PTiYd~5Z>$sOo9;X9K921d9DJdjML@-D}{G)J!!B%qK8sI>rigt;P(lP9AcTo z9(D5wASz&2Z1yrg_HcF;+z=QL0d-Vz*tcF`qHJOstls*(2awF`%Qzj9m$|K zo{G`)f-aWwi!g4t{uY%NP?44{r9;A3FJ`?DMmCO!_Zzm2|k<%l`%qhGZC${mUaw)Pq3uW-nTO*b$ACq_};qY1!-`%y!H;K1T{) z_zWZ2PB2}$aEg3RXYZ-rn(LfhXa~%LV?_@Y{7+^dCBMg!WM+ei!v5uxw@Ghb_2|y9 z)F6HvRL@4>Y@;J`ggTb_q-;2>&bJRmMHD{oAo}}*yVaO9L>be^iNttI<e2>G-#N3R?TvWngU*nG&G9QB4p}MROr5>#3crfJtu%>FD z>$HK%s8HY7w@m9SJ!;%}xo1{3;)nnMxnhj~0qXIM@MO>c00005v>7|W4ov_eXpNbW6adR%cP#W7 ziPROvkHna%9VbjavJ21}zEY>#5l*dV%0h{}zC#p__>xlhT!}nz4Y(jB|6yD9djy)Y z2#rBD(34j*P%ng-d9POu3bPIDv^x1ZV{jO5^4U=@`_3`vnSg z&q-(jB$xw*7we?16s_r%78o*#IHQWn@t~pJfH!{>OaV9Vo_g>E84LD~qsgDgX{D$w!Vegrl%z>H;h9s@ z;E%pc_}Q7a9LQ5B(GbI7VE9zBPOwzQ`?R#0{24wV{G*_g91k4;4$WX+gH!a{>QH{E zEDh1(pw`NqY8m@a2tP7>J)v<5Zl7CM)m&8D!AKgo62`k#^I#J92j!>T!X=!*W>D2y zz1U{gfIdoJIiD4Pj&d^W63rG8`CPzd{ge{&{whUry5emeL6Ni*#|z0w=|6QM=l)o1 z$CN(W?D5p!Y;&mI1c9apNSE-HlcdrXQP)E5C{bZD<1>_2l3k~y&<|* zF(-fk7k~_a0000BMUuw&>CqOjg4jQCu&Sq~5km4yuv0e+V=}9@piNkXE3QvaE4hnG z=jK3{`*-K6#g5{A@Foz8wD{@TY55<>I!jiIh}6(jxfnj15TW4;NEhf*(OQ3ViPsy}3vOp7I?Atd?MZVEltb(|jdPpPduDphgsn$lJ42WCemJYAfeZU)SglW8uy1e=3b;1D%gWZm*|i zO6h9a1yV!@(8Chun5eT^BY(}Sf{n_(PisG@Xf-Ih#xHf%xBl1-E4>1p<90OV59{nh zghg|SY2-eAW#~cZ7wY6MoVWcz$6V{6xZM;B0QsN*0004G`@rEbA3=)M2pZVWQl02t z^W|;TETzip&-FGKeoc{ebwaF|r>ikgd)c~#g=~ciM*n}<+bPaL1=TLdwmz5ZkkKTk z&sE%m3Fl&$n!_}!%X(3rCg3#Fomxd`lrU*m0hWWUE7HHn$Z`6p8!xj?KD<{|qs0>6 zq@D+de)D3t0zSYlU*@XiZKFGkgDRvT%`{@CilS0|j`OCQyiY8tQop{VqY3#`;D^(2 zTwhLR2?2s2c3Sg>;Y>( zhsqL8OVY)}r_awjdaa5crR_cs?SJz^FynTa{xZ;OJ_)l*^Ku*XLvc@j86 zS@xKvPad3^@e1=Z&^6D(44&Zk2PbEtBzqYVf%y^>??2o`2_Iq^pGeo=fk?sl^Vc7Hf+0*BEat$F=Id{Ts*-=%v=oIbHcVda zcvjYASfZtfTgAH_oN00Zm!mt`>sVdEzM9z%7@5k^(%GNxHs@zkx$aBGb9tHh$ha&- zwBa*s@H^K$usb$r(k@0XG_LE0LmOu@n7Zx6 z000)S9NQ61FvAX#;Y;LV58wY6Xg|i2m5}}MwM!5mE${Tr2mnV*mPR<1r-?&2vE=ar zwjffUY}FSg7M#4p_~nKA>XM1Fn0nSq9DjO6aQt0N1+DN``BzzBnY1e>E)^hm{N ze$+e^wTEPa-c`k+4EoK=5Xsx`9LFLiv8khTt)i0H@Tq_I%16nwo+i2xy;xz+>f!7K zv}nA#yOTtj?N<~uj7rKFcGLh(Af^qC%r&(z7!xy>tR=)22XeX46}>H!(#lxLM>_k+ zj(ClpV(76@n`?gG8AYf*5Tu#GI#btg{q&8IUuvE4SzD64{rj81zrtVD>C9nC!_C@~ z*roA|o?l4?4o#-hQ+?%>{zFM3f?Bx4h?F6=ZY5L4Q?28j?ez?b`H9O+qeivA!dd=A z*(x~zz=7~fhr-R2l-+STb!6Vmtg+UcUn=X-Gf9N)#l+xEqLS9Io33BL)<3Qjin$rD z_}5j4Lvr;wFIT@DO+Wwu01(Uo00001pnwdjRw7;nPLqV%0_c9gg}rRKz_<37gA)Vm?XNEImClee%-`4pTv0|;g>d3DdZFo(!GHho_y5v zl^JJ@W=uGyYm=nMSqWx=o2B9fBrBFzVgdRn+AYoX+-s(sB7qx~cFEFsq>*kB&??sGC%(HytxP-gV(KAtL(Tu zQnDL1fY}Ya)~iJl@m1f6BQf#(u`DZ<3Vf%Bb1BVWrcN*M&>}zEVC-obg1d z&e6prNcT=|oyELFzYY%U^wa+K@$VSQN(+ce9J=6{Jh z9C{gp)`}+W7&7xK=$dRMgR|gb{KzlHLbQv~REyVP?KruF0_qp_Aoo6jx_%}5KUPkG z#ely3PKDS(1f*hHyIHJX;Vl6NeS5}4jLGWOT7996-Ny8`_8smHot^uw=Ia`eRL34* z1ZupmAn0N}ATTIL5j9&@rFR6=A5Jkstj0(`Of_)SCt*-XkxGKt6KeHh9T2}$!z zk>{5T0cKv+pd%}>g9x~4C`0&pkrjDTEX#_4ftfDki*>+dCExX%QzMjledw1kA9?w? zJb6lzUeiU{=%-&~#=RYg7|hIh9tY1IOx*dV?*`~bOCKDXsES;wfWygppJukK=R{A%>h6J}AtP`ktu-96lqA%iEiUjOx*m{PHH8BG z_reaNIjeTk0B3_Hu^f=~C}P-U&xy{R&fszmxOUe#>{qqvn5%0@zaMQ!spVZC!9fGp zI-&FcK`nSsBbdvc+|ovIWgzNR!~(%i05nU?IT=<-C4r=!fHPVWUSufZlb#`RTqu4cGd zXP!uKRw?#o59rvwb}l5KOyfK;12vieMcc<;T_S57_Vx?`kX7WPNHVJjp~5;{eJs2# z3QoD7YepU7gNgV75E(u#w|n1lzkwnIR)MeA32Z-?YduKX{y#Af$F42SK&z{-T#w%7 zo+}|I$tsSh+d%-LRGt6uSGdUvMkiTY)XfJ|o*h|2l&O3{`hW16lc2OI2&{6g{ei-s zgCVY8qeY`e`xbu#e`3Dv1EO9~9#w-gUUEn|kKxhG#9@z9KtN2I2CF7{{!WF08nwLs z9i{nL;`d07*H$IL6uDK>%+22&#Rf{anF6?)CJ9SO z%M6GByMd_&1D=kKHeV1L`n0pCx$T5%9;WWP*9_R8IE#jyQErB+#$5dX4*H?f$%(-O z0|K+~gRq0t+4#MOYW$dDFupOXV|u|xJPRBr1_op3HCS10-O(qqYSVtaJUz)X)=e_M zsL}B!GutOrK|}o_9ggU4o8YO!v@U|h+7B&T1$F=arNq~Ie`26r+^dqyFm~l%1n-?S z?Ni}jmzpkTL6Iu$NRcT-g$}uETKuU$B#T&-cw}KJwmYz-*>8SbDjmI ztnR^9vapOCYC11>Rouj7y!8820BnbA)qKS@oRe)S@YHq&PRUdiE7Fi^Pkp_ii@lhK zrrf_5C2Dr;!;>r|+chWmdiNUcU$1mpL#iwv&&;XtS>NT_g00000 z007}?0y(A#tPfdR&E32uJXv&{bx(g9{f*&dvH) zpd2B7y1!G!#n+&M`0_)L?@?3c09$8sc*)T>@eNi_(MpqOzIEVA(ltC3iiM=Lk-mS1 zGD^=aMy8P<8PXiq+2Uk0xf4z!L5eoQYza+;T7)o#J! zZfg80diV>?3H?+^PjWF>WD=DkibMk>-(eNec<{V=y0`|&@Vz%wnMDAow>&&N4vk`j zR;Gji0COd#u@+&aPK0@ihWRa>h_q@y+hDrcYZAo0cmh(Qle~kngt8rN2pDc0-9M*4 z`2nxcAU+kAWQBsH0>{DjM#QKGm1RbHdYK3S`1(Cnz%^* zxNAqy<(G}+cBi%g?bf`D8zWP_xE@-7h^@u{QJ|uy>bgSF$)tN%>m$~E)nKpyhS`?X z02_XJt^fc400G7RlvQj5>gFi2CD0Hp$S*U1b3CnvCQy1gwod61o7KDNCUU*O=iOTe z?F9Sem69Ed#8Je-I)xP;E=O0=X_w#N>Ur`cAx?_WNZG}TWUDrj)?y| z25gzw7FKyLQ!Ld|$%gmWYUZ^gi&fx6oeR~1@(i=N)uE&aj}x99m9i}$meRm zxW4>ErJSV$@yvqLCj>`k!caQ<$~+laGw&HTc2AdK9SKz$b5!C6Wr2ug(Khr5pCSoZ zMnct*;9y9b7^35oGqoxppb0fJz5qAS0b_|!00000g&+sr@xW}OBZ?zC`7akTwOc@; zoaZ&aTBsj#gp2+<2S01ecgF)*(s*W>Lcb}VUFcv9G9cUlIh`F{)Q2=YC(mHV)yXO06=kND&@iy_Df4kgc64bOUjI}9kV`lbTRN6D%{ZVbQ4MaPyAn?tEIv8jd1s*7c{rr% z5RxpZCXP<=D|KEnp)CU^a|bemo+2vtWx*Ie^XgO~avo%+K)Z>-J01MLcpA@yX*cNn zAO-w*#tKhqJEk3y#W>VMNeesGOQISXvS`Q};Vo{|PcTd_%k@wH5z1mgfe%EPm^NH< zTtc_74i7Y@ROW7QH@HxDngO*u@w{@-{C+r4cRVV~!Zui8O|_I+^sgmbrY++OJErmZ zd+|vin?$qJA7UG-0AC38IqdpPDT`y3fo+(!s+9|1AnW@$ZUnxE29WsngfBl3(fO|^ zTeOAQV`9a?&BWi+obfcf62Y+>^TAP|000000006X@Aq*G#5XLeAwh+Vg2#ljG4k2+ zudCVETgDn$04``F-@zaD0of9^oRD~bRQ^N|FHnFX=&Y=qAqIkNJd~NkZTelGV^H;H z)rSCPU%*K0Cl_9(75B5cQ0YFad6p9Dph9&U0FQOfE}R#nHCb_d9)f=6PXG)Bvx2`! zVxR@9yMlbKvLwqvuFcLc*Q*SCQJ>k?b?*cR%}{1l81#p>flIzPDP@o|8VDzKP)1*y zMd_GS7JSR%^veKxHtqn2YhxaO5}|JPGm}NV;||>3l$hTcmf~C&-XCi^a%j_EtOL32 zb%GE5*C5=bikhG17m)WRCBC_JiHi?$_XyA+v}jF-Wa?mJJ0w-}+cVaG9x&W#vsynC z>KETt3)1o#MZDVu0S05&Yf3(zuoOxVDIhogVTn9%fK+xqn3qt|#gM|&QFr%laVmrg z5%iseWMSuVR0000000Hnv4B@~9YQ%gj7qI&kG9cSytfyKtSojfw zfSp;y*C; z^>u^ynBTbOJz*-XVS=e95WpHukR1qjL!KX?uE$S|(1e!QG$I}-gH6czW7%vG&`uug zI59h8ckF7}3KRL_h7zuyCR%+>2xmSE;Yxy*k3$5x*Q0Rs*FC9FR_q2c7u=a+RjOht z9P2A0iXHnJGl0QLFS1yCpc@=iyE_-CX{?_Kt%_T;PyMRY`tF0&z<8vT8Morc`gwnn z?OXOq=O**v!H_QJ0!=^zT{6#rvqOLY00001A1BmN<&+9AKE=DF7fI|*5tpYx8;=xk zXLuqJ1aEVE0^uN#GEW!#5pOmFfWjAurgA3_O~Q1gm{?8-D+5e*YQTuqYaN!#zy*$R zg#y4?;9tdQAk6=#@gfPU>|WS~OFLAnRrWq!03yk*F~Bz-*qlu&IDNeq7z?rGEX;n| zK@3WRgOO+rLCn;M3d;u-ImU}59*ZAED0RD^0R^*@LoVXnVnZLDee)g4U;m;?D&HG; z!La+YO+D<8W|2~AfZvC{C`45bCxh4k>yiKf0004Y@-fXRqI8!Osg;?I0~I z^(2M*^$yFza92_mOYwr+!6cYri4i}k>l33U0a@a#_??X~(mQQ~r%XgX1x5Zf&Ey@t z#$uIPOa;5&jK4`!LZb>g^019Bu>MRfFjXpgCKS7!bqAV9VBDGo?k~WE&?yae3ooLD zrr~^zx5^V+t9oU>Q2EF+HYU|M-2gfb*z6`vV5gDr0Y&u3VoKo~pd_?KM7M8mxc(N9ekjAfsfJy68b)mwa*o5XE=&BD8OJj2}XkL36eU#|K#x1tfV zA-s}0Qk1IV-&`f}OHLWG3ETXc7tlL%8&cXMuAl(_uQF~ej1OU1LArjM&x`DrA-mtu zWI#E}dX9t!9<-nQ=Hd&8fTbMCm z?v_7{0015X^S}TA002ag0Xw{5x{&Zd@9fLw&%Hzh=YLBel1sKwNwE%4jHXWTfJ5lt zMh&^LQ;|Xgb~A67^jj1kF^_&Ju)WKY?W{K(Sh$BpiMw&#t7N{?1g9Ut9*tcPFz-wq zaVv`o{+>nC`)wwJsW!qv*mEmSWxUeAO!()X$WfK&m+2{=98+vtfaCFChgZj9n6TrL zdT3#>i~vCZscdQb7QI^ZFy*;*_2K&Ms4zk>!$;IQn+Y+fE~FE>c4KnR*)nczOk<=l z0ocO?fB*mzeqFxs|No-v3R*6_OA^{30nR>F5R+f5c(@M-4IP$MB+I9A9DYkKD|uF= zgD*gy4}ZEv9NU?eH%$zY8J{Y6{wnvP}bXfMkqTIU>7eYNWT|atVV4UF+q;Zr_)y$4TvH9OBOsc zwe>?MGjv`KnKRrjCCD0Q6r(}STvML3sn_=^vDT98NLl>Ve>Kqn(43PqtW{}5{sKAJ z28KPsr`89RKmZM*zyJUMw28}VF5wH4nQUOD({#vB>yHkj^bUO^0gXW}>nCHqV(vBB zS+k{wjBE$Lh6lt5j_fg7{ux$}?0?hQ6IU&8Q*>LBOp%tH5wboJE@b?mLt{yOqJMng zfpu(7dc@i#iEySZ{aQCZ9z;_6?-&T-i_jh*U~1woxl|b_oP{^6@H=lFZew-H9FlBK z>1xI5Cfty?UICy}G^X{qz5wC&1oF{0S68&aylO|P`mLh*$wOS+d5v#T0O)QRAOHXW z6rsw5C~ikHz+X)qsiln=HS)m-i@;A}$5UJ9{AE#JCY}~_H!+r8Fj~z@Xc2gMR^yK~ z{5&7k5Gl_ffd)8}Th&5?L&1k%lrSKG095)l z$d$gtxBwBNzyx6o!z=gz00007Fzgq6zY`gv8v)eDPnZIwX_bXVyEarZDl5j+pOifk z^hG8fgBHpan+0BG6%06=T*X&;*tCI0k*G-un?9y@UNnjghJ`?uE8s|471HNJqFQw3 zbVay2wJcN6gj&OM>d#Tn7uN98>w+VlukX{qQhCBEG zOpzT}0004$TN)D$_m#6Gx%=)5Lwr^} zJAU(BS0(eXpo12Lxbyau@E%>Q4b+EgUm(H)YD-}Luh*l5c*9+9L{b}}ntygOREi$M zAC7p*Wj9HCS*YNt%e>lKsNsAe_NO8;aY7x9UH2rnb;$n{`gxd%tw2F|pkuYIZ{8zp zf!ze!&5otImZDY+iiI7{h70pL&;SP2?l1rV002VKnwSR+4pU{bWYF2H_m!-uwnPI! z`_tNM(6Zth7?px&{<{9p>^UtcJhMI*prvNB;B)9)i>|^y7v3ZKy#m^BECq3I)awJc z;|wRdYKhkqktd##mwi(cTYePh1F`X9E^&o>+4Jstho^8r0%a>K2<-EsQyC)`Zog1@ z&`VyybDnYtTLmYOM0SOw$;u6IvSyXBNzZL zo*X{6=3V)OT5F*AuK&~q{XZxt+;klF7T zsPr1W;)jp=nbG@=i;0Bt<6#3L9h@r~up(cvZ7lOgoql0bM+}d11n!&;hV{gn_D;b; zo@YwoR!=J^=#Y&=v_8y-oQ2yPL}y)kJ-KM;Feik8#qUoIkFEJ;60A3nex4ojbHI`( zcCRPPgAq~kGklpm8jiN~u^--%I&3xsa+&(!5hN8vZPmB|x?7S|SRPNXSa1ie_BU~& zW+d~3a^&b`(o<#?Rq4!!izrox@Bjb+02CZhdK8C#qDKlJXTS^=VF^o!MiHWQdqW1D zG}1A|>R@y4Y~sEW0%z=?XyqTD4pM1OT;CfM;|NS~zgu2RVMwV5Qk4v2BY@3z(cV!? zSGe)qb5z{x8&6db3Js%~(#!SY9<1lmd7cEnrl)xpb!@S}&qp(&iYmQSZM5h6LCN>T zWvZi24uXN_VgXpvk%SxVb3-Cw5zl%oj0^I7^AZSh_aVm}&$mA5uVO<50RR91DchPJ zE_{E-B7+Kqj32616&(BcJ7w5Q!m+RLs0Wp|<&kTf$49bf+S0{5^0SrguQ?S{?$-ZV zFHqF?kP~+}x6d4}4;YtUyGg33LirIx`W27>1y0AE%2*$ zJ2#ec%NJ557eCWfaj~PTkSAwqVVDrBtG3jl!vd?J!cz5aQaYlfWNh zK!-8_001o`eTAk+hDaf~LWeQPG~%D7&J3>sM{bRE?L_A$Snw6qgRLHw$3B8emmA{$ zQ3{Sg;Y!9sUdF_1j=)@zRQbu06RJ}!;oGbiDD!}T003z(Sgw<{zs9wHEL7&Z^a6!# z$Ef-$Iy(JkX>zV7!77v4>9ywX57~cSItv8Qxz+H-`7}M3tkNR{TLQ=oek9)j2O7?n9$jloK?UWV=i`&SSJLC*jq*Q^P2slQ|4CC9d!2t0cHAA5#g~5o^%l$& zxIxD(ag5fho~cFU5I*O{o`;r=t8k*0*8<_VCaSH?GgXUeV{}RS-rK#t!6=#d)xgte z(THi=L#i>qU_sWAb_*j@y&xBg#H0UBdC8 zD@i!PaLj)usId3|%K&QJg?AL5H6*Q;UbG*%(C3@@Mr-SW*IONrKEw=AT-L3Ih0ks2 zXtw@TmD|HJZ41^d000KA0TE1kU;qFELZa2)H1D$8fc0ooX%=#YA-e+XD@oe}ha#N< z-e?k0B+{xJv{dkX?;V@8g_HGPw+D9xh}<&z*pRM+r6|F^FSn(%^BO3CROlMxh&V!? zq%s@|BRN2YW67`RPRuA!^)yO}AI*8t1%DhC@g$3Jlbdh?H^bP1;79w2bO!?)VV_sb zeYRgiT>x`cP^TNIR$p36&ITV7<(i-hb^X^XIT|wXCv(YN-=#Z&upqx4LC1J;tpHv`;-f5q}->c=aI+z#WQv!)8@WO{r z!}aRJNpIQwXa|-2dPFV@J3h(f8Cc0j*fBv?>1!OhCDU<68$ZA}FZFIXkG4}MF&@oZ zYvCI*og~FN2Ooh}8jiZezo*F)Ex<=J?a0W|aqoS0>i(mVB}?epb^SIIl4zCS;1fby zjEIdNb2B#sR-wV%9?)pj+RuG87bs-(B17oW6k` zg=4gemHa&^@j;YlgL>HARKo)0f0bbSSlTP6XfaOh4rmC^BKa!H*EZI5pPeufM!hww zmhljUi;D8H38a6TSh;rJwD~ImasB`R000Oltuz7=sbN0$YgvZ(2aqhl6}-XO8bbC> zi^#pz0TN_tGaB@egpWNzTn*@z*f$rRG&Au7Z^6t&P^Uq^0fC2pHEw4=|D*-PL#2}K zddxph&m-aDQ^0j8h}02FrVtKt16w_5yEpxR02z|(U?B_raCkEmod5vI26d2nyo&BM z68-17J}z@$sMJM6j^fi$lDAmQE>UB3y|kucK*%mrBAgJQvC5EIx-FV9Y#j;71(I^* z90C+Yl@Qyh`zA};v^R_UdESWllGyBltTc~-Oj5P30007a4WV7O_%UwMYfLu_Ky`FPTuT>w02yz=Bc;`V?TC zCWSh*T>~GQ-*9#Kf;DwWiI-8gec|qgJi0Jrz|Av_Mjtj8B|mF6b-+huJ?YP;5v9*s z4i6g}(y2^ODp?3+bEHI7%vkH}3wBT20+B#%mH+?%xFTB^-hp*bU^b0H3t z4?^U9Cc@-kzD#wSzg|<%W`8S?aQTSJ!D#KBGJaFVTy&A?K#5QDO5Kv+ch}kW;eO{a zC+yG%ec1>?01=Lm>0wLybu zRc+8TT}p9|YLe|c~ z3nQgOqLnbR$nb=!SF7Ot{@cU67VB7S4Hj3YHvBZtw^0brVX5G8TPtn{$XecFkG%KH z!TQ*31W>7zi3C!`y&6Fp0FP=>Px$PE#vbu^-Dm{W0F(P#!iC_%(SY+6%A| zPXAI(q7wb-#^8D`P$~jkO~0CZ5%aagS|Dg3j0e&Q0?L^HdAVVWA;+LVBxh`bq<@W8 zy|-O+wR}qm|2G8?Ky2s$17gZYo2>C$hV`*K(>Z!So5nlOqV(wDZyf|%NI&&D9tJoq z=aw=)lK<+b1Sl+qm`xLrzJ{HsIv^$(+(ucCW}GgKgOFXVKVG7H4 zdlbV$yS=cPX^VYt-8e`V9WVFoG2-Gdy_6_abXKsTC;YBTfrQR7{=)NFd}(~8(Qa1j zmz0Q&1a8d{*NN*Dl`z_SM5w!1=&XEXW_1q`K5shbT&Hr!X3x%r-Xt@X#d^x&?G;27 zi!wRKi$LQ;uHfz|dtf=`IOoU?ygSCc2GY$mSURJ`-U@gL@rGLeL1Cmq51uV#WWvZo z8uJ-4uF*$G{ZEAZnqU9`00eBdy;uUjkz6S#2^r0fct{b@>v1GxsQL@T4a$ z-y<%ig2MAxr}yz^?YhELmsS_hN6(OC;ds8Kr~4k@v1X*V zh`rNUOI~%$a*eJ;fC#!+fh1aUL2!X&gF1*aG0{7Jh|-Ynnl5aV=jGuwF9s~6g|xkY zf=g?=XGWPU$DG_1b@1PmMkZVbX+z$p(&)-?R2{O+O@wD7ant|+01-bW*8%?~=yFsp z0-ZowENY@4_}3U^s{?=u#I6{tO>$NtS#*@!gTW?K27~BG)T53&Yu7g9usL1tye{ z`|@!Q0~{9f$S!9X;ZstxQ?N+HEA`RqKi^kO&8sj|dc|g!?q~{4A4Ea^!dY9!6BZ;< z>yf3Qu0%nGao(y2HAe6dq)W_GfNO~XC^ohD3Pf``b@q?sx!>-uHY0Q(UwuDTbmIS= z=9#7^R{kY(WpeMm1noraKuH3s)GBi8AW>G`e2-XOgSW4ZqFB;e-55+qP$*&Flyw_r zcezrL5k!14V5-cL)ayBrKWRahr{TQWVr?~kG=2UYj;TZ${%cu_;$xC!M&hL?d1=oQ zWbVX@ku9C+jBVDV;Ln%%tg~L9KascTguMVblUHgOYTy6>2o1TF%XkE>Eb^wZAVe2- z=q!3@bpRNhduY!WAi;u)Fg(t@>GXX=QR=IM6&uzK+l_<~uq^YjuSH8X!zg<-ZW&8- z;z`)fp1tHFZvWB?t^7=4$h)dd&Se}*oc+ghX;}lm31uupJrjh14IwjYgCtwAJ`^w)QaPAytP6sIM*{zs z5IW69Aw?M)o8M`GgT7HED?bISUT>;1;SKk04u)V;buwy#u#vn*QY?hKfPda}sN?vW?vXYAI8&h0o`)X?-Xt{JN1!ybBl6fj&y7Z3tQo`w z03#Mk)(lxR<;FK1W_{yvkL`cwVVmbnn@B$Mr+9V++&vNqaSBxBe7#e2W?j<-`oy+v z+qP}nwylnBbZpyp(y?vZosM(ze*ZXQoU60;&AzUxU3*p4tU2wl`*BiTBis7MLN%e! zZ2~ZQhW`rCG+HiH|3fEui*@1zbQ- z+(^ox#|uXIaOmj;IV&HnwUS0#4KgYd#p}MH4(VoB>~A|zVWLO24soS_F0ceb3RWd# znXeEPbK~8Zm6V8q{IXA$TO__h#3G~-m&Go@#I8p!*KI zsN*e+HvGG7ps*V~*JEDqa@g+9WIe+KP zuBC3}uj{SHHZzrONCtU2aRcH?s6NW?9DQBAwI^c%}2D z1?M_8>Vl>I&&*^P7m)I0F4m>h7F9ZC?3{ZUO&UMu%s5q58MjXb$4^MsCz9kVKZfMG z(=_Fh6}uSshLBcUM)>!N>IBoHo9BvTL* zOByua1xdYjq0kcO!zhm@aRC%!RrfaUy5WJTp{zIHN@;{MZ#lHGaR#?PEf1baOOMw7 zm#8{qf+7x(r93_=%ve3UA^;0NR+Z0s6abcm5oF}xT>ASQh0(_fceUa)l9CAg1#iLXlTydOWS^pf$b3xA64qo? zQY*?iQ95vH(jDjY{hq(?0kgspm<^)RtI||zkP{5KB|`|O0EG2awvgopaB%WB3mw-R zMbf`X)BZlb^?~u}p6b8qH4W{gT@)`Egii5d%xwET(78kIMg&yKwl0=VmYw<177qt% zdL|Z)IL41!y*}D*_XXS+$Cftwd?=Ra9nY*PZ+*1Ov@Y*XFv64D!DyN&|1A#Kl zj?7u(O>U4{W@(@~#*%9Zw2uKXOx8?)>M(I_X7{hfg$Zdd~5*cXzR-pr)ir&_|8#<#9<@WOVe=;<8L zW5xYPMaZW1S+6#wC_(uimY6pixH;J+z$&}*|EhCP&Oi>t+kMzyZUpW0vRjcdh|jB- zVtG4S+_Y*^oG75xvNqESnKKL>Uwnr$BG?^^OWOCH%DA;HJ3Wf&nA2QE)r)<*j4(p4 zccM_*HK%)sU`na$(4!zfqmSNd*iIzU8&mkVcq6g}IV^XvK`D)gZ;uOkD!wn}U$mii zLdwh1J9dK0#IU0g*fZBQ-s`jQhx5CeHWHY!f%3t3C7A&|e8UDoR~^3U`_hTYpheU$ z&b+=UKS57u)cvocE{#muqK-R^@-K;NS@-sgM#j?*PgG~V?Ot5KFO=a2T&(s3=Q>3N z7Kw}i{NknL;zc>C(8$0*Rd{dDw4GI#QhyjSRUV0@sX&@W_XkKfB!+Dat7@`|gVHu5+(HbBlz|NmUd$q17kCf@X7%T)qk z#C6V?M$8oLHiGdaGp$8d>Zc@QbBNh9gAGK?wKnT2dr)#XMuob?Ww=N#RyZPrD@1=A zZpU~{3~EKPQNZlVT0Qz;s8Dku!qK08(w1%R4@*7b`-9wbwn0(~T8^^?OSW*fcY+fB z>hAT;RGB~s$eJA0sq1SG=2w?F);N$5eo?USnKZj{JmFLqjAhyMo)>ok5Qo4gVj-Vz zLIsoZAZC&22$2PY=k+J0imMB;*3JB09?xq3sNcN**B+4ISUuEA+?WFl5>yn7H3be} z{F&cAeq(D1Q$Qi4paVZ>e+Q!qbhJ`oalmiKZb3Ee!!ho0 z|I~RulS9+>XhcvBy3>5% z0>EuNH8qysg?PSMaP`Eu%0?#+NY9XP1j5rV6XiXx-g`w^X+8gD9F+c#s4AX@*$0nw{uCU*`|)9c05F(=Mm^zKgf zUQMAf&q23%m_9>0D72V%U~OShehfBes<21enP%T~|MI_P`NT>ce`*?w!qJv{2wNx| zYc1Q-bD1)I*!I#nmDwMg(f{OUC4^ZYsZvS5VA6tM;$+ni|s z>CV9PW6*^K&E%!2;yk0O2St2U6>3G#Vh(F0c*b#ilDp(%4eHYwuhK$=e(}?afV9BlYpAZ(HAhGYS3(auC9HXbk>aq9Bb0{8J zDe9l97^gx)rJc>!&~1AQivP46(*#t}ccq51FCHE?i?bO(W7Lf$#a*p;5H(eas|P;^ zpCc6ikg>QT>*pPA4NJBzh$ka}G#_SOqjq`z1qG`p@BN3+yR6Qt&g+u9dcS>}YkU$G z6$$({k+nvW2X`Kkbcg@;46J)_t1K%(9o#-_MPV8&t3Z|#`R^b4N+GFfw2pq9NwC%8 zc9m^$NbN2Q2(IYE+DKn1tPuSC_s;sWcb5=fAZRiPB59bE9G(zd6m7v#s$wi=X5b8L zLDAfN+Qa1zT*X0R!YieANqm@Mm>-i35k3GlQLGs6t*Ht;FD)S>+Qu^qa6kosFV@VL zj~`eXu#?>ul!gD_cLB(lP)M@<@ZBjlC?s*TFwQq~2&He3QNGEA(Mom%I9(nZ@QL*x zfSv#z;7`%FW0mDJe{>`&$O~~<{hV$ZX9$|90!--{x2k#6Wo(-$&B1fVBd~ciL=D~A3vX*29z5H{IDzt>?u_+iVB@Bga~17>p=C77rVi34R<$M$9ih< z)eVW#JN?ra5>>TGL`fbSfdT3_Ns-5+*51lAM-+RX?{EQ;??~1jkeEV&%lb;&3F@0A z*p-UYk$$c!RW2VnJ72s|Rng@*Uh#>1nt)~9dkA*ohRC~S!I^RX(?(5AUib`?Ok)*WQ*`O<$6|0+i zlsC7Oor0Y!Kt{VH)c^?N|NO9iB*9M!;7~E(n-c+$ z4K9EL#K451?&$^MkNkB)Du+7*nJ*Cx$gZYwj#%u_)Z-%etZ^tOMv^ATM)bB4P|b<9 z1l1aHk?{}u2*_f>M&;br+Yx8UG&5}4=YL{KKW{nqv9>n7p++ivH7r zFs&rgM&gEqU>Ee8(f7(`)=;i;h4BF(`_kK#teoS}Q?Wj0n}K2BwQ-JBVztCOa-zUO zFrPav>g_8%9$zFYRw+V4sQ4CDfQHj{Cf(|o;(u4@r4psw!m=VZvMGxi+4u0PgxT;y z{ww2$CGU#Zwxo%qIe2V(Yn8E&WBc~e*X^)bG#t&J&bR`$I-e=P0*iB}{FaHEOnqr1(OcZRj zTzH?J*W$X|e!HCTBnHS&+ba|;39UfjjVZ&Se}M?Y{}=F3k)=N`wp>Aiu#hmrIME=n zJ^_FclNIhHbkaFRu@M-Gec>rYy8ZT`T0BDlXI<9)QHG%MBxf+UXHz)bvh{}(z<&N^ zl%N9GWRyF12tEv}UV&ljwMj-QIMi`x-lSfbNjQeCL2Q8-8IR--PPK8PAjw;6^IQl2 zZ9$*9XnOODntg%of*`7q%uJKun=rVo_2;KeTGkxQE)QVUS!2j|;2$5HXIy#3?-zVi zEknkU9DL%SeKQ{x9NN+^tnM!H^OVvtLjB@`)|3l`oBWNZ{LB^!%MQLgmXyEcmU_?a zfnaqF*>4O&Q5ZZ>#T}Qr676RSVbs6YCv(m&(SV18<}h4fnHbzSv?6h#Kiv?Me;Guw0{TV6^dmx_G>R%!B-ATt36p{*&|+y zT%YN={0_OHv?ySrLOuabN7~jj#4KNwe$$yi*s6Q@m)k^_KE|)7T2A@8Kqg&%{9?o3 zIJ4`lWra&$&^_=&j|4uIa{Wf0#y17Q@FJ8oY1PNg)Ln59x!>k~x^R~A2==#hgKLlB z@bc8b(N(^}|(yRB}i?s20GB4^EP-B~PoE95eZxwG|5eq91?G`MS*==&L}*x5QXvODG{b3>qwi0We1oe5n>we>;a z+;@qW{xfbdHL#%A+A_=knYaw*4vw;6q^vDWtu#5%GOd;_HtB=^$%DRKm7L z-hyQyrVHx&rT<|(P!|9}9PT|y5Ta;OFRvd}8e9^ZmY@3>jL;Ii7qy#=qnn}`{IRSU z1@ql{Pv8Mj)f^~NfE#OoM}d(%GD@`^#^kg^`l`@EQW?YE3Z#T9x6@{bp8;_Br8->; zEuxmelau6;IJP6nAVT<}^t0Ov0_p1;i&q&(%rz9W@B|>QxodvKyIF<%VCOKH(CeTl zTHouIZEadqlD1rZBa{9$tDG5Pbg!8L$EWzr2>@!A=~x37dW!K-ltRJ~#3wrI62Dqj z(^Z8ljTWF@M8-C@B;voy#*w+8Gpaegf{0hZIPJC*BvsFL0pUqhh(AbEubLp$e(y%8 z^R}AICg!N~Go5KR|AArs-ys@n<_@N7b*7o_G$Yhl1_h9tm}T+Sx{w(!{R;#|u|hz6 za)3}4yR{L$G5%5c@~dcLne1M@wSgYPcI8(+1^wDSkSHDrn*+ET($!VE3QmDJl=Xm} zJc#oanRuGKnZr3ifR6eX^&id~Skah2?2;cIR8R25cm!Nu6=JsHLq%OF_zkWBvGJx5 zvHq?HxxqNQjTt(ke^n%~qb4>?ps$Ls33#b7YMWQWruul|@Ml{LYQ#*pyE`6zYm}uz z1g{Kw(!zU}zh_9wvIv=e5Ll^XEBcOFjz(1Jv(w=~n+Zss(Y{FvU)70XnpKHGXlE~| ztda(YczqgmMen%3&>ZtDPL%~@T=G^X9o)YZz{Za7nr8!R^^MbYc7R`}%5F%;Q`6 zKA3Du%|SZ@=vjkt(rDObv2IC!+Jc~imFv6?VL1M@8|b>#{Y{%S*ABmg&9qskA6814b*zDu_#+u-f=S=hW$ZXGLW4S7(03-}MQCO1 z>fg0sfZ?L~^$Y71blVEL53L%=x10$AN?a#$6O6M%*rlwI?Y0JO;X8^G^HA){1^hgv z|3ogVVHY~^Ksaza3sBnr=no4!SKD%TBbE=XH?sZO8W#{*HGg2Z(O`&S;U5(s3eX=& z$>p|FqXkRG^HHqdr0+{-I{_=U5!&C;i(`lvk>AAa5g>+N0q_=i7$)UX`^Wnk$LH3# zSg+A}wXHv6_ibP=ZSfp}&l?tC#IlN)xv@-O;n9#8$?0@_NMCKcM`#j!QhL2r@a()a zOO#pNj0uxv7dL2HIPB6J)W#U(Htx?OaG8KNNtLA$`M6q7BaR4oRn$m2a$`_D13-2D zi+zyg4r_E^gE=J3*%t6AcsHh{P~8EZC(yTrmLwxns6R6$3_ zVIz0qa^eaL-b=|S8ov>kDG4b`Kh9*NVW_PZ%_w%O)l6G9Fa_WkPCX@*MgE#2sKauo zIkXdW5o&gQw9F@^WnF5R5k=^V4au7rc>Cqprf|y%?R(D`7uG_eN-hVv#;7{41K?S# z1VKD!SAjjF+_7|&sl1<>6OKY{D+sE)OY#hl!*fYS`zO%z%t#y|6nW@E(uSjZkPmmF z#{<_T500~W?tI3MtBJM~lS^@0M8f{Svngk?qDK~dEh2Gds6sPI01oa;AD|-3zG}Cs z{d6IE3OUn6qv{Xd=R{AlS)8b-*#B!~G5Uph2vomsuH|xt|pdqzoC(UnM2{8N7&ekQfm=@e1t{m7y!aA*a6n zHoN%))yR_9+aA5chS0bV3?5eXc~~}3R=7WI+IA_htZ-YHtovK6**V|Ne1K+oK3I|A{8jpVB z*s$!4$sdg~Vxtw~ZeoM?%HGtjEN{Va3MEV9y#(!}`FE*G@Sn-1m|?9x^_hH*o(|VW z>)+ogJTZWfEgXcth@~F5rhjh1djRO-nF);nI5FoGPoSh4J9Pf4F^2gL4-v^3s}Pjf zx~J7$9f+9z-x}^)Si=>mI{`4$9te34mKl1HHmjVxwRB<1>IaamWe5G(vGR4a8(t)m(BHd+4E;~bPrnT+P=VB&QKDD7H+hT-b zOS4a)b9%TaYgA9x8+6=rR^08V<-`$#U5CqbT+^ZUQ);VOtr6#72d9x;-|t10m5bVXKIMRm{JSb5J2-gWZC!+tlH?` zRWvsD{!&z*ISk3J!pygku;;VqV4``LLJE{#J!;^vc_0re{J`Km6YL4%Q$y|^uZ-yI zN0k%$wLbFA9}^{PaJ{IN3K&h_q|q`^=Yq=aDQn0IpnZT4oo@walU6XQuGBrnv7@ACTwLI8r#`+@#miB@c4tjx#q#Uciu#XmMC@i za@ijV)Y1wvKbdta+fag!Y*%s?MyLsSR|8=D$sjY7Vp&=crva_l?w|Fil-kK1)s%DD zWQPrGnOi*;^psL0716{Tzfd7LPM_P3%CoUZ!D;86`U(-!oHf!BJjV z#gblQSh61h)K=VuUo{65VLw==4bYHbDYYVGk3OWJG>0WgHM3R_C5vxG2A0_P9;z8P z5+A_QOgTyPzoHDuhL=PM1q$b_;_q<#V;@u8Il(1l>KX-xx*Uk|asV>$ae=le=QR~{ zmxXW^4a`pmK5-i6U~QoB$*(2}CK}@esXzL8#-Qk}O?RJKE!T|pBSnE*;Z9NU*`19* ztEHP*TPI;5-Q9+wy|pmB9QEmT(P=Qj^Q~kbP&`rh5F*m34^bB=Wc@LekN0zZ09d6s zqEX!-s7G7qu*de#7C<3Thg2%wE+!J|{X>l44j{)q&A?65Z=rQA%q)Dw1W68)spq;y zk}r~(=roQ6H83mZr!MMHHlAtRKMpWW@YftSe2dlCtz9gNk_b>*#X!R0Inah`cZ>%M9HZ2gBPPRU@(3o=f4&@7 z5dvC-(iH+?U3Z7e+39)^4yO{KIrkn!37Lxy$VW<1R9-m@h-B=`PgCa?IQZnUCim z;5xN3>%l@h?J|D+)x(mkD;>%xo^ia(4K_aF3&RUQ^eKil5LGdYgj&tlnAMom{m7>9 zQc<-K=pg~oex5!MgxAof?G>?~+``38zfyNQ5=g&g&2mfKKaeQm^IWlClPF?< z?g?ao2iI#{dVPH&!$BF*Vj){ShGyBQFehhk#tE2QyO=Sv@xAlVE+m{p;4(KkY}6Z= zZxzUxuYT@j(oU<%qBaa=G&FfWZ0#U>xsesOOLP-J6kdouVled4b{bYWeE664d%HFL z>WwzJw+JTkRcz<%Kr*Dn=`&cw#n1(bgdZm5K}=)c5wvo$rC6tuX1Fo6lQaW1$^zkQ(Z?;n$M=u0rni*l@ks8Fk^?c(SGd^X zdZcSrMDWo(ySV^P*)RrnAOL{*%um>%$)w;7W!p0$h*HsV@`vfV?-UIwxR8@~;RzVwV=+%I`9nuASL{20?&Q`c*OJQ{sPPKtlcN)yiLE7K_uowxuu z?|T=)iLY@BK5{!4*gJ)=-(4G@XC=d6AonM}^plp{D0|f}CBL-N?>dg41Bv&e?HCqi zd%i1xB}d7!7gHsBUZd3d%9}lOaLiqPYjS*L2$4Mq~}TF|8_5>S7UDR|h>&Zzf3 zf>?XbDd$L9WCP&xtU#ZckD2^k z`75T(dqPUFOH}wApAw}(LSct5K`%FbBMLRvufr|xapsm$dc)?}YbqQIF`ou2hNkZ2 zv4(6PP3$J?yJE&r@eYTQd$91^Yz+==e=t~iNLh__9#&Z10TH8A_082yDF?IZ>}HcM zkC|HC;st58?EB?(r*r&rCjedM=R*QE$%Iy-*O8ikPB4g9ZuHq5U6b31-e+jF3I$}z zhCQpqsgsRNd3W-jdGQl?`G`LD4cz*Z95QBGax?;0Ixh}=BX<>N)nT#_QTSsa!Q?4H zK&W9Yoy&8f1z;k4G6HvJsrxMb2S6mOl}y2IT+Icz+*@vn6Iqc2hHpoI9MLU+;>|8jLbop0yPp}i`Oj}mPql8M_y45is#AuZg(q|-C75&oALuHgTBA8 z(Ai4N-#gv{vb@wnif@{`F~iL;1oiT7|1xYc+0RUtLrZh#>=~C9iN4{Zk3(ElZ%$K@ z45JOxE_ZNru5-FKQwR=gk?q;37}G_Ujtl*;)Bj#qW$kC->SPC?C6 zKMVkE=_skZUEMmH0*PSTjl8By=|LUwSER(rQ$!+wNti_4#cM!xmJc^z{|FctH;>7R zKk-k)?z8;~tpc&Bai(^XX&_Xm;g98j*4nz8E@jC{K3Qng`xD(65_r^a(_orB*>zY#u++YXxMa@ znz07V8b}u!2j;|SPhXy=Cv+zR_CM3%{Vtz9beP|Ot z^lxu$1UWtG`LQ+Z++pT~n=MM*@(57Xp~Qhd`z|p!KdrBAQ%DQ(&WN6!87f9}6Au+@ zpGA8`J2VH}$n^7s3*cF7T#M`xtD&HOlcj$(b@{y&$EC@T>ac$HV}_9|K?NC-^u}*g z3+k^Q?^J@+3>p^6R2CW(YBN;jYN1=63z&q!{yhePDs68bpNf2DbC*SG&Ov!=mP zkI5FKP6>yn?Lj4kVLEYUya@RXJFF7;Hp1{c*D6S>V)ai3gQpn4bv9&|Me7&ce5 zGkQ1n&>!tNML<9{!Wx^(Y)W+P%%K^Mw#D zCMlJzxp=2<(!yHP2p;!;pI=*5(!hZ-En+N-SU`^z*nj_Pc?^c2}bm{w&F zi{~QEBK+#>`pTvY?2->sEIJL&A|5gK^|Q-4Tm)Y&P>5~L^WjJOYdjvfp%(zc9?EOJ z95PHDrP-yWlFpp+>LlGhV!poJd?Jy%cGzih8<6(5FCCJS^IAIgfpDk4M&bKU+f?{b zNp#iy{Rx_nTq!I5FjVIHr#qtFe2pCRB4wt-BrLkRDlJ#Ei#w!y2L?R?^q_^rq#&v) zdYTE;xa-`w*LMX0ifslxwE^@!$x)^*@zXno@en%}r&_T!E~#v)X&-u-9->8kS<>vc z7%>7p9f&t%cWIulf-UM_E9gPn{|Tvqj?v745}mU*4*@aRt@0dU9ZZ*;V9W-!b<;#* z2fb}27j3y&-*kALjwEkVX@mV!!V*MC2DbGUA2uuwRR&W zL88DqP~Gdm8U)ipkhMR#CCz8gJcuASRZp3A1#K88ZJ$}au8ss#tkxEqsB(C)=y}3d zT7<|h)vTc2R&u{Wtij=Ww%)_jAQ|hE>h~(KMlm7Fm6CQ>yxfp*NZG#@2{QD#5;(Z)4|Zf1rrYi zYs<5wW~MHvP1SaFwLwu`yvOo_g++)Y5TN}V!ZVq#Yuy;4KdarZH@SH8J5+QL#Kych zNSNmv-5g=svK1vD?j9kIbPP64E@;c-pU#oF!|i=*M{oW98hyAR>F9F;dr8=oSe)Ma zB_V;tI}A-o zp81*G3I(#zgsqtSL}W|ANHA``vyb6CnSrtPV&f7X_;i0m3!8DoROx9izF`tb3l#~A z>(w{1_xM0>?SjIfJJ>+{)`>ulAh4BsM{>39@xwaiTv1h9NTM;(gYWPaUQIQ+sJDO=*E4eAr&@1ibzJ0%T*RB+9!VZL>{DMb2F2KW?Ee4K$`2ym$7v2T z^-nT`QXpJVdl#5mo2id*ZrojL8mGd`>+br9a32jaZ^oQQ;^;?8)uOS|amh@gVM=<)`)NSCZ z-WfFCuI{wJ379ZxOB)=JW%r=Ey&)*iY2MF{vr$r{tSndDZuA)s-v8_2RA=R;8~`u7 z_EuSUecrP#bB^$xHg#ZVs&lGja_Tle|3{K7zMy2ns8QOnIfHc9<$#R)Iex{n;V~FA z@U-O8!%t+*=agvR%w`JGSFv8Tm`)B{RSunIQ_L-jdLw+VBV!2=;S4*4lb}DEf9yqShMX4XlK%In67Ra#N28jbYgzP=!LZF=5rw*TU zPP5##><4>2{w342v9+)3g#QaG0PsmR4nP|a4$!p{9(_}MfRq%oT}Hba!g6f1j3^mo zeX#LPr5o>Eg}d|iYqjRkT|8(yEN2<37p4Izvn0rsw)nJhmG0q4D?S4)X6N?+up>+> zS~IS^BY|v#CA6Mcvfs__+5A9|N!_KBW)+pA5!-2I(_p!Gsbh-p$6!T^XdF>F-@<0* zx?Oq5!>B$TN*fn_s&Q)hQDb-JYdN6oPOdqK70xE*Aa~V}bgKTct;MxwD`zlw3v;$| zdIc1_(gK@5)&`>o`*@J1mpxL#Mh&3z_#WJL&`CUGeqK!eZtiV8dyE&D!F>S(H=>Ta zbrjuRjOGz%DI6=Rw5YInf;IOk6r9E4=0LsjT+{k;akxcf2TFnxqUp-HoSi-s=ZpT$ z+UQx?mZ|o{;>Kpz*VHD{gXOx8SPpx7Dxz>K=Dbk+G&HZdk}(hE(jgIpNKMqJTj+c+ z??0JO5Z zf!Frx5gqe$IHOACUp^zN1Rp-v(4{J?mo=o=K4~c7 z75sg6APZP$%1L;$WLps)U6W2*X9~blb@&JNFrrg^XWot&mOKE_0s+#&K#U655u32T zA29G*0+m6t&LUuqO_Cy@3>ASAu11iP3$QE9pN>aZ2R-N+PjkpG?epV$#uNPP)?3$> z5XwJmEu!%?`T9VZwbC&w+|IZB9RfGea9`a5018L6Gj=&VE87YXs3z485`fB4L-Ib{ z;Z}38rujq(7)Wlsy6e|@H~k@XaFt&m;g#Cu+n~AHGseeqH+83?f`|hrm`(D~en&cU zI8RcOmObQjhGdM!+|oh1!on))DJH{zSI_NyTp*xE3btnmkW?qua9^=Vqmo{T=sgF| z?pfbBo_IztW$E;IrQm;IP7iM0q$>nS$OZ@_;0!n^T{JnIUkSld=H>r=p}f&99G60X zxMM8@<=94}oTfZ2eGGk|d+KbW5~@xa|M1?%K}zgeiQ>-E=Akt}QKOizBE7P8ED=eV z1^Jykax)ML^~gWqI~Hc({yS7_I4XfnxfK5_X%xG9iQQt*?ER>EnzulJj=DB#va?i^ zb6mm^lXU^KvKE$QmJOy`eoIo}`q^Q#@@BTZ~N z3)rn3^S_uu%Q;!hhAxvvms`SaIp!%Y2{xdq5z<%bxyF{>r%Q=t)#kwJR!(+cfeX&5 z^ByPRu63Jy|B#8)+G*Lh6ZO$MK_zMdmGKO9s=?uI?^GMC71_rBtVnFCDd0Su0;_9| z_dov8C>t`dM+RL*V+XpUb~e2uV7+i--bB=c>t{^G@`k`mwcEkNE!0O+GVQ4WP`^zTXN0*`7#-9BF>8=QRTV`1U zi>;`sQO7Q-xm{$!rr0sRHebr^rD!5cu7e`Y2HP}6$rtiW>?1_zu?zu3tl!T zedoRTyvdBS?|m(FgmXAD+55u;4Jj}$p*&m!J+^}Bk^z| z5u7bNbW3^z-PF;AB+>P-l}|&R8OsO@w0tWZNvvP1ge^~= z8K;HEY`I~kwXt(zhH#ntn8o109>2l8Z{0Gk42>+siJ1iL?)c^;?NC-Z!WR@nQQR+a zK2{qPeg>JVe4R`@tZqhm?MI}N4R$px-Bxp^`3~S#P*QMz8;uPJJ&_ z_t<{?m-CYK?X(o8>ZtN$vS4X+#tVmIb5Q^+e`X7=eEOFAQF8cGslS0|jhsztjt0b7 z1gkkR8?2utyG&J14SIV!WO`-m3zdwKbj^R!LHYuDph9rFWUj(vkiIn8`Dj?IW}Zv- zL04FC2_t2sj=&_b$<@dAd+ge@I>@({9Z%!Q#+|n`KS0i`nc~W_LI*0ZDtT7}x!p;>b}oLDKjT{|%1BSnG{X|czKU7*(#dRH z7N4FCw1+ph@_9gTi!$h*n$)xbDS2V=1vD+{qNHpVzx~bY_$zU)#!62*gT{@=*U8(z zxoiX-3n6@ujD2FpLjMDh?ZHHAdd@K~0h^L?^y5E%(w-7*5fK@BScjVPoa_wNY& zfX^GstaO+q2_*+*mEN$qtT0lEtxn3>xlEbYa7!=CwVfA__BntpGPiE}MFMv-rDqq? zv)v5m_$<$Dz~LHif?k$=_2=me5hYD5G(f;> zvO6EUJ(*-@Z=*Ezn+80&P!4h=ld|PIo8bSx(rt{C`u_w3p!dy^XfbEKx+>!@bNjA4 zTW!zF4Is;Y-y$n8HVTcI+`Pi;d5BjI z!Ava$dU_k1R`MwuK*1rV87pOBV~AQg`mp%u>CZ{|ZMlLPD%L?{t@H8|7eKv%p$C;l zw#(TjMD?4bc7;z(ldXI#_yh{|p8mja9{e(-W(3%Pmc>1>x9;&j);?4z&e$Kkp9TkG6*s8XI1Tsd!XQNNr09-a`5$Y)SNSMQWr z!WygmW{WJ~ER{)zabQDgx(?#Qy`H}4+wLXF@s>Xcb7Pug98y;beuaccGWQFDUj{qg z_fK>CR#T*XNcng@6Joe;t?%f?K zj)n8|YTok$!;~X84bPVcg6NhUoqbBo`~sEy%2(uCMS}Wsv##&$3hb1+BTANjzhk$h zTD9r{Bwjs-uaUmhVB-m+!9I5#nj)ceL$$yJmOv$s)Jd#&(dP3DmGVJ`RtF9~y&j8U z$^oU+IvM^TQm3a%Hy|nSYsMrBVPyIv0nhQM@m{RP&X&M0IizvqoAom0S z3KM}!U|lU#*2(jKMszrt=9O>!L;?9SqbNz1C84A>B>$9*HjYd5;f2Y$F+#Kul?xo< zmf`9*yzVZ5XeE^aulhx6gse)Qps{BJt{EQ|Jus*^)Eah)i#+FD(5$sX9=UY&)y@1- z9DQ{lRKL)>+f=5Ypys3VaW_ov%B}eSn-sXKR?e9+|6U}|G)(n%9I8wiD8bI__3kJ!3D$oVqRG_?xx4lJlu?KX%9X7>quA{( zSK<_hFZb=#WK>YL8QLHhTio?KlEX{r(7z9Bq$pvhHU2gk{#*Pm@;p_^DlgepB< zM@D(?A5iZz^}x0zkFnbf{OD56t_FxZ9hHSvAfc=lnyvId>5@Nd#d%-VUeXdsL*;nc z#j>ahlbH#W>pJMD;%ZSqYmjMr0bgwkFA!z+cH7&&pdUS~p4Y|CBL3041+ccMBV3zCf$o6E3`c9l-z+I%1GRcr;UO5! z(RtDMFf5A)`)u#Jy26F0Kn>>*ud#)#?yyb=VkYSGQ8;{$l%2GiQ6G(mt(>LK$EA{gMx`lMdAsVQ51`G|~y&$TShY38T zxI02lRM^R-#_&G-CU%!KUd(!WL>El^QzBlW^2U2!wjNQR&QqUUb8#fVv>6#e+zzSHkm$aeJPGSKuHHpY z!E7xlYy%&{0N*xjblu-s~ta+1&^a3kT z=24}jKvmvhihNpE-)F>b!h66zE;q&4)hW@r{AOowq=_d?(>%%%cFzQ?)Z*OJ9W4&a zrOv((@5-N}I;m&_;Rhz-n}r7cxE=UgdkzT{c+5V!^UYquUN$&$BjH<0wJGLrKz+9< ztBRYGQR{8C=FB$l;tl->x=QP5Ggg3gZG`|n%=gx&q}>E)^V*_V;@~d(IBF?RPQ&mb zcYBztcIpZGeg39$H=@7ThtRE)me|_lQKkL|0_`#4^eWSG zCAsfBQXx8e8962r-h_6N8_v)o#{B?z%yqAiIvb>=%2z%gSp+GvoP2uJ6}w#Mr$ERV zP5EopEv4dM)KCn7-=4_S0W3ULu8H(f14~|XD9mbWP-9AGR4e|yAG*$(|26q6_WlNb zD7(z#9sM5SXQ$#;0Ab$E2)c7D8M(ok$YS3o1j+bS0X&Sp6JCWo`}Jtn)4LB3)bb_Z zH4RaIy%Ab*d&bK6!a@VD_|x}7(a^^cBMcaVbbx`qtq9uhx0pSe2ewgl2n1Jr>;LgN zAORhnB<~DT5aSxIAk54JUpm{$5Zs4wufE?ez&l!vN%9*^W9Tiylb(K@mtZqsgLJdP z&Z~u(e#NW!p(n-N3i^pcbLbo$K}mLwHdOld^3FN&8{v=xk!!tfS-)y6^FA1*TBQ3e z07K`c7zO^~D?veATbyI!QgKjdpcu=L5X5bO({s-}hhH6KaGJE?Flb@v?Jpn3bwzl0 zBTznVWSS*N2E>vhvq6Sxg1vvF-`^m-`AQBa(CVy}$}VgAQSLi|wYXVp4M)OUpn58L zHAT+`JSv}ntFT@X^ES~L`vwT+L?=EEXIjp}CZELCYIdgt9=adB;8hAmRp14L5)LoY zP8L(lK6@zC2qNWZ_OV50BfRat@ZOi3EqLs}7#mK1Si~Hi#qtGZwBDiKvLD(_MN|3t zzMn3f+f)j2zc<@yw%0gH#=Iz9e`ES&=#Qx=j&ETPNqM>4n>^ijr$mevb(ZJ z;9N=IoiqZs1*nnu0|rG7jrr2Wt&qiv^2(UzqzW<@_~ljb@3<2^VXq`Klmb-P-%U54 zTI+PcxDrZqal09irjS{qc|iB?S!iEcLHO+r@kt*fOkF04#IY^y{iwxegV-GTN-^sV znzHi!DC}7x*5bY}CeOgM;)MS>`oHswBi&PDy&s+HbqMBhS#T@+_O&p~G-qk0{eksj zd_@gJrfl!$%x+6=<U;~5)IpR*rr zwq{cfCN>ax%cft;Q$~eWK+qd~ltQy@@X&~?>~AiS@g^#IOP$_iH*2?!X6}r`TNcNl z&PY%N`{c}Awm$}SWfF-9J~SVeml{5Nlqf(c9%b-*67P~pd8N```6$)bpSuG1+v%|v z%rl#X!*uQks3YU}rVn*h3VZ4~-{a!O?ee7T2<2LpS8jeC1`90+bA^qBYgwIX_hQ2Q z^FrT88Za=}R~;|*{C000000EcUqf8g|PnGEu&TNFpet7)k^3~9gf zwybey?EV94RNW0^(7dwE7zP=!2SvT%8OXd=8=nUVznA@Qp0*W4$m&A}0)_&h3nq=& z(x2YkucKsv2cJb6o$FpWw>_KyjGc*k3Ar63@=0JI19ibTc;IXTx_xvSY5zZpR(eZ+ zP|N)`7ytTecZwgGNy3+v1tRF9geR6q!lxF4t|D^uup>I=gbTUpiln5|vVEH&gMO4gr{Zu@}*dp9)#L_P8v9p;>oc0Z6+oJwdyO;OW z0Gi+qnE;>M1nOdfS!=%riW~-pldcC7r_stoL^Q|mLgziNZAQeb?+Q4guZ-Ba+7es? z$?KFW_N0kX+xCxq_BtHw0spkkHF38&UZkWt zu(|&?i2EWUR=;}!>(1WFVNcZwK87cN`5~~8HE?4R6*j8d`=>Q?lOS8d#HTSBrH~v* z6I=iQ00000-?mYyRtZO+_dF-H7vDjuH6H_8Hi@~OLnf*b&KR$dFi+^Ez3DmgZr4Hf z!O@W4EdP*0D2FKj^^#2+GKQFb!ho?Ze3KT1^f;dl^h&hf84EfECY!tbsW(ixP1x_2 zmr_T&KfE^iQ%0NQyG|)ugOQWW<5H)nvx=>trR_gQXoY4RK*OlrJ#btEH3KLNB?fpY z7DVx?O^oD5nfVGe1v*fR%sFxQLeI6MD)FGKBf6D(K6v<^p)ti|3iTY^J&AKl0%;E= z>Z;K@sDM_X#EFXWY$hL^e+d0WRKC{Q9=~pO#(UWqbHb(^>F6-?9rJm^Uy7vKCUUVy z+b)xQl!Bt$_4)2AS{yvut)mk9Mw46=WXY0z&QFr-oG?bgT?o#$iY zx}~;qsOkW*#nuFy=u6RfkS#rJ_}|p0l(Y8(t%@K?!3)KaT%r_HUG2O?pRa~s<%1jE z7K9qwXWm&UEC`EI^1u*-nhUw=5uY7IN7Grk=V!RxX;kFFkEq^8WBwL4rG4~Qod5if z_;~z;uHhU;maVM;Q7zP5q5ED09`sxxz@}!}DTtInO0D#B0NF(&HCn7>H+HYnVgiW$Qeu*1wB(Z z8*SJ0LlV?1P(oa@G5*c)X7i@NeAP$QU2DZIF#EBdWKYyab`s{t%&2OKC~RcbElYG| zSH_%TLRY&|6=7yF#`QQ!hM!n8r$`xtjpcg$%YE2@7Jn19 zHH63SH^f0n`XWtcgTT|l#dZ+$_b`pn_DHD6`v=t?|gc!DVwx16AtA!vt%_ zN6vUeXEvCLI|B7PB2}<7Fi-LTt?LI%*JdAHme(mczBXy*31eeSp{TDdFH21@037cb zAA1%v}O$0s$NZm-z`IuWlmz) z!=?1vFkLvt>{2L!cJ7~@470_PCdqvljJQWcJ0m9;LErkO0* zWgKxL^Yhc)8W<-9AHM^(W}($|Mfc=o5iQXMvo;Ocg4-!$>L`VJhNy zzo^b(7z=JJGLnub`r_-uJ-odANidyG+fh9gS(8h(U0t^{eUEvC8#~l1=vMrYYRdYl z*Z@SdeObbs6L*^QkXd&ewS`LYgM9@n56zw5+!)APyWs11VLKr_sH#JpZzq$nVwLEn zE$<_1L-Hs(p?){aqDU$7uhj1llYD*%_3uY#TxANA-|NUF?i?{S!un;i z>#%Q0+gk}gMJ17_wN5wVTp*?`))=&oMQJX8CHB!)4u&Uim|w^;%Bv}5WEu6LO*e1L zY~}y}0Mxijpa1{>0001ktg{UdL<3iV0E%D=`8$k~q5dxJQS{G@ng=ecJV-(pWLnc- zs~$erL)?{Y#-!QXk!`b(L)7knoIT12)WNKW_D^RBAC9d3ry&HhZXrs6>qgi=Wcw$f zYwo45(BuDht@xYbSBm6n9YgDi{}RO?%eHMaSUnGt?-PHl62!fx$*zWyK2GABRE1SM zx9X|&*+V7o<}XRCK%R;O#NSZIm)9{|%qFU$d>~8}EWdw1FQ%mSY6OkIaQ!Bu zTSYIvYFox|v}+EV6A5JX)8FQpF&>!mufpF>h{P1zzBBS5{>-kjZonAF!z~fXrY|3h~B9Cvj(_4EUm#vwtyngMVEA0!lQhlQu9R}(A zCF6V`73P^(P9A>89DTWs?Af(R?aZ_zoSefDMWT&VaS&LE7mZK=h-L z0>W>d%&M3YF;OS1krweR%>q(G3F5w4hk@jRYgBK6(m7 z^v&sWtV0QtcYa7Qn);j3Tglvd2CCN^ch2$%&a3!$fgVdIaY>Zr+!8yIj1Bzwx;Q&z z8OLbneTO3nG$0bZP5_?BCU8^qrZ6 z1?fL^`_yA^mbrp)y%fIrsc#v(MsAzHuqLSEipS8kig!f_%|@m|td|F`K>a49n*|a) zE|eXnv-QENu2q2WFHc&*To}Jbxx+C`*TE1utj$%iQ8%DE$dd>z`AGbdDDw^0$k=O7 z{yu(&h&s%sr&Nvg?YaC&6F)G^Bgh=>6tUWdK}u?XuP7LhQeF*CLq@(K)zjT|m+T(B zs=+~Vm2(c{WB{(Paelz_rN>#}z-f8xW^VQw(ol@cw(q@V0@8PxLk1g4#bawWS2HjB z!S(q7uvd|`!7C0_*&Lf0lyExoi@b&6s8DfRC{I^h!l{8FB{}HprPJ^_vM?(G0z4Nq zvNf)^c>n+a000&gOH3pP0Wp&=)GUEKU7OS(_}$1JW6yg_$E{o``1)mNdAC^Gnp(h= zu{xN6j=W*3`NX3QE0iAXTh92l&|<(iEa0BD593*q!u4~+Ap4?%G~y4B{OJj7{nHxA z5-?bnEj=|65ffHD?AGswxaEsZoIx?vC>}MLOc1*yLmuX;%rZMGBV!^tI~?|bOpl^es)>k~VzyXr@u8Fei+LW#*{orhE$ZQ@Sh@kb%IqtjFm^wHWm}W!rZ4aI! z{W)qrN$OAa%oi@DZ~j1sA;`HzD0k2^#0k^tAcGS~Txo%yR;1Wr0M3%l?_NJc4*biY zHFGl@vOAQ8B~&lo)LMg1jo8&G1uiBtw`LYq&*+nzUz?*V8(dE`~lX5_|nZWn*C z3G{cYw_@Z+MEGI*6UF^TbY*ig@Njd~XG?e=G39i`ToN|xL4Gf2My1S-8-Qj=v7E3G znz+qF3l2#ckEeBj{CB^|V6>TC@MqbL1*QC|G;Zi@w9?CL zwJ=KhOZ*N%QVZgdsqhq;j>qdek%UiV*~MtnYvk}2{c8K+C%&{;!OE#?YfmYjr+eSu ztb8+>%#_NTr_>MymiU>Zgg-5Bp7%*3JPH*PU?}xjl*y)AF(KufVK0?$H-1=Es8+CD zkkHQhd!p+Z%K0ONB~7ZSdk?3Fo7UL<2|A?U*&CW|GR4HMO=DBzbzAMWDMt>Q8l0jI zF7(lZcIg!HB{eCV%b$Ak)mElXyzwbyuN zFf1>B*&#DVf$8K)(Z|i;WL}`Sz6c!MBme*a0000RG*2i1%U~NR0F^(Hu(W}SFGb|E z_L*=@BD4BxqrtM4O~~51d@&i_AZY}H(*~9#Hx{V5w66&{zzM9%!Xv#IpHB}gqJi;0 zy3ZK$jc_Xa4FVR2^!yi5lIDo;a>g-Z+|N;8KUGbm6glVtBHuM~x(p;E*7TK{;{W;+ z(_n=dT`S76RPX}p);F0Z1CEbTit}KOdEAFuBH`u=Cs~^E6s1aL75I4Gk9Fz#3p!}Y zVwi_C)2yXStmSutK`Qleg$3h3xBq(8$_DW^PYYtUqeyvAd`|p#&(MCd z?dVNLm8Du-f5=n^(YO+lQ`N(oPOeO)<_bo|?JU1WHTrjVkQGkao^kb0!w00g(_&Z; zk$df+%E$c5u%>ZkG26ra{6?T(NOTs7>aySE7&+t1bKVy2V>A&uUoF9;p2iC)VF!K>o;kjVqsJl{ zdI(e~KKB1><#F2!sE*#Xk`B9n3-8)SY45ayd^aVP)lPRj9u=Por|;o1*_oY9k-BO= zfT++;ezWaQu8=!%I$I?mKWO$?c4F@g@a+BaXIt2b(~Zdye@f`Q;hZ@@WK?asH)?mB zd&bW|M2f&C0hyr8Uzqq!i{fc)tG7eBmYQF43U)u;i~b+XPnmWis$fLJ4n6EwA;%DA z>G0kl28;QhiNhswrts1A6@-)M7n`t@_kN~Y)WC<;YLHC89@cPrghVRkQE0lf-nG#m z{mc*O5tqBf6``Ri(jWPIS}0k)GOxm6t((}vPpUH?peD;J#lR^QB>7zB4J`=I*FBu0 z$aIXtJ~}H4yG(Gaj6a6b?QsF0*R1S^^bbxDdGN^kCD`Ue@nDE0fnh+-TIWCj00000 z2$K64XO^D9G)~(Er~;6iIIP+eDYrxqZiv}di*KamSo=&?ZNG4KA=N>2OpJdj|Fej$ zf>qsHoSX7FYxDNm1(pnvAZ1h2zH+Qc*SmEcScB{}NmmWy7KO8g5ajTflM#Vbc~?xq zTJyY;TW2`{$L@WrQoGHkZ=nt zcz@?wtg9yFJ47B_0i(vX-ejxncvp{Db%smexEtdX`2q#HU^eifPcH7B= z1VcBwAbQXM*qAkt8c`_#fP^AZa(P36qDy2?Q?7S4n3lE~=E|7#J90Q6h zxB5h(fBe2ARHGn7rO;p2bn3rP8oAEoM|$3Z+gjmO802h(dmac=l%t-g(C;1J#gsKc zzWlqHW4W_22=0YMh9&ZNmY40_qq3ikBai(h=&v0Q0~iJA5GSK6(u1q%ujd?PK^!ox zb=^j=>9H`DPhH0fXSP^YKXi#9Hx`t+oI8%CY^ha+bN5jc!Ul)0^}#Mkt24x6`!@e{ ztYYCK`a;HW@CbS8?cxvB5qGCy7)D+92Au^TmU?A5bfYCEQD0NPhY@JnjZOC3@4Nhd z4?ZP2eOQy}+|Zq`yLfb{6pwj0eU(`IsbN;FzwryNm-Rj3oTE*Tt84H_(IZ8Y*^3jw z!1`4GZ7Cq7%L2=Wiv?CbJ-+%mV@;{{>TNF52gR+H+O4_!5!ZoC0vKD>8kJO=Q{c8A z8m!}nWric(*qg0?A977ho5heC^?JcyN+tgIYB!u;E9t>9b;CiqSYXg%s&pl||X7_hi zKLsxtxDFdzM?A!+=j}=hDbD}MZH~ENbPo51&b8{66)1}JKy|BSMGD;VuD})%BzEeJ zB3MPqg=_&%<_)`_t)k4CFQ0<2r+FuWhb?EPh*muhUSQ@;$iO%N0000SU4SqE8cB~# z2sJkD)UMH>0Gk7lbUl1xNAzT?TKb2#*;I_s3}{T!>jDEYt|qDmO$66C#H>`Fe zfLwTSw;rJm!OQ>!Ov&AIMcI5#Plf!KxOo4@(QG(R_WZtoD{Zg1zpfgoUkX~6U~{HT zb4u;KeF$tGHed}xoOqLudtIXV@hWZsH6DT}kY|9b&mg!|D5zC_sA+)#XS0~c+y&Hz zet%zYsE)783Rj~J-GaZae1df zHnHg9c+;C-o1-fmTu&`~3y+(a|6cEI7`uz?K)El|;giiNuH{l%gtJUkoh~?v=5L)J zZ!V@qSf=~?g1bGr)oE|6cR#mPpu#%m#`n5xA zTS3u%1TEiIByDhkqd9<;f!{w|Zw1CB-nWrii6}=LgUcd1pE#)<6teZka?Um9*guds z0iq{fKuB&Sk0&E0K~V=0VHFLz>t3aLpY-yh8tH@PPL4t_IhzI0>>+1qie`yc#!Cte~}W1>wOzc-<5&# zb9c7(G?a52!Qi)+3S4k6vrNm)!I6KfwJy;Bir(`nT7draAp5*&kKl2!cB9$z5rdn? zNLc|eN3WzQxT1Ehz-lPmR=B7?XaBUx3eYhm52xt zrqD;|LQWW=$C9`By-@954L?}Es>?68!hiwfZUB!A00_tRz2MY$U;qFI)bhXp0001J zE`s_K_6)`k6C;VbgDz0D+~Hox;CxYV$X^$EX`$HxdyY9(y>mpfIG4v}2(@{!uON@X zr&_bU>W`c=a`M2Q1kylY03~`9wzU_M8qj>{2uW&vVi1A|ex;{S3sm_@dsCFA=dV($ zJ{5{~cM?LBw19LF29c%^yo#a4;Cyz!h!Nti)CO6^0qcRf+vrAI-;e@IEZF}BHl*eE zL`*~~k*w(VpHYQN>B7}ObE)peuSqdjoVUSeG6ug~Dze~OmQo{&0=p*SWC8REo{%Hx zV6Gr|qEpAM7R^(Z*$JQ&;lSM=_`CT#S9Rh>TiT0yr%nSA^0(#<`L>jl#E%CJ*AXYV z1I6B1vDPWGNIs9I%gd$UNSq{$W076*XzBwsY6om6H5ZcbkrRuB0`q1hIQ1(#pz9du zieI99&FG~H7wiUl;`2^|ZDY~I@uxPwH%3-AxSm?}7aun<{=MGZF?Sci=p~f(*BzOZ zfb~z^utPORRrAok-Z1$pWEeNw3UHRS!jv#c(?fV9P+QBLJAChOCGc}6!U+q-=&^zE z@H}8R68%F3d&7V;J>D**{f^n|ibO6I-}XeNCke$eeNSbtyV9)HxGC+VeQTHG?1>P; z>)5`^?uXd>5X~4`%*=b~QM|P-=;>DPm`LpV>X9)b$PhzvFX$Yw^mA_GPU6?tp7G|L z$!yzeYkIp`yjah*pH@K@`0@s>kvAaboJDg@l2#1WpEqv$82z!G4nibtaFI38F6@-v z#}B2Gv#ceU#6tuu9b+#~+Y&)xeaG%j{q27IrX4X1GhYAT);V(JVf*qB=eYTK=jA!) z)V7`cH(>k6{_G5PjemC?WFHq@T^GFwq1W>A83dh4PvC2@%CLr(A?4ZK*^5!3&+kgN7XP6M+Aw`-@f@8Q7PKd72BA6Axo!eIh zg65b}(LNtipPS^E9igwAJEPExqu(bZC;PcF1xiSrb3a8A_0CGJqy)a0Ac-*C3TJjD z%8fJX6s32lBSw)fB7<0xTEYpK77M`XN5UVg38u4^5)sw2y^cPMV;Hl^{MyV#O8$s> zT83knn<8J`F!}!{yUIR2>dnRD2WEuB&Mm;Ux$-~a8R;F)%OI2I!S&vTcN8XLvsv_g7)fGIPvP?{0)kA(S*yK>-}IWRSUfCfB_o}2zsmi|RJ zFgYx|x%O^oyv<(WzEb`z)H06)y5_KvBC0&Gz%Klxvc?uFh&X!U*dNwvyj^x1C1kth zSYmxjBjH=psPs?FUH-&!7)-?~uBO63s(75uQo`S5 zCuW)JHY0tqTuZff=FKKwopTd&garY&UzegtM>Xru+Zkq7fD|C)u%T+50t54KKbXz< z-br2aLo~sGj~2`#;Q>uN6Q!YQ-BN(2w;}g8-OO!cCqhI*bWTMaPxnf4Cp36&yY3=^ z=lYwbhJ8v+eCm(ate0S1*8W=izRW#J6+A4g<|JkCuGrQ>!F;&PpNt2{CROg!@Idy| z@3owIINIael|vcw%CoA-Q|R(|H@jDIrQWo_=F4CpK*m~s7f^y`4y~yG>&lNgy8)w> z%#HC&zW@2VLZ``NDlwl7YN1wAgB|6Lw-G@9XGmzBvb^NaCo^hj1Nh3P8(NPlU~AdbSmMM-z!ZNq3&0$+Eu)hCG!_$Q5NMmvIIlTtkH%3Z zMvU{kh5f_bFl;4wiY3G+Y2 zd=A0=;1g6*Ma7EUHs_b8uoBJ>D|I43#zf(bj0<=XGrbf~L1hrYiOld5P(J^(*xY;1 z&XW&~v(k-xQgj!sz0kTnL$7C4p=u*`0RI({0h$`q4;-XjpY`*ueO$p#Mx)BxOoL`) zHD>aj*;M%-`t%-WZr^W>q8lmiG~^QtWRl=he_Dp#>G`f4DFz(q#BK)!dL1u{W+hsq zfdCCqyGhMm6I%@7iYkY*y3(n}x*E!9=n-oN-?twXVl0=~`^YNKAX`>&9uHPMHu1Y% z6VdY;pH7>T3I=ZtK-Du<-4(_rEn6#+ySGFniL_JNp6jQ|zq4=|e>#$1GGb3kOfI}Z z+e-Iy{__$()M#*%Ia?Q_w-k6fmYD}HVTeLHUD-x3AWKti_T&Fv6S2=_%HS{&=&&YpRjk~s!{<7j}twQZ{|4^+b{HXAnk9l?GU5c&e z;bLX~Mge+H-G2>psPs?FUH-%;(cYn$mrBit7@RFjiRF*fut>{bjSc?aCV;eerNqN; zg3Km=WLw}oEXh1p(J*r8&4Iko`EjER1dx%FGrSfc6J~Yx-2qChVpGV&e4xMPrOab; zedb9IWNQiP@H~jmLK34cc-)2k=J?hqUcLj`1yQa$oYyvk<*Glrsj~2FO1>im9uS>m z%N^YzDDP1UTQYB<1-{X*)A!cQE(DkKgW#s&Bb475_hYtquh-H6(abQl@38lHYx7O6 zqd=`vWU^~&*4*vE-w@sQt0`LL3mJP-K;FAp)a zG-zhtItybHUmZb{_(+=MxHgs^sK5i47kAW+EY;ZpToXZ#mNT^a=L_h`+EL?VT z_?{H;o~8GBS+?_}zGPmbx-nLrZ{fXhw{+}lQE4IRO6ioU>0>V2e{WtS+BN#LpDF^+ z=6J6kJE}mS;?fjJ)V&jkps;|9#p?%^Oxd{wRJrk9^dbvZuhD-Q5?E+iM!?1pf%~&% z^U5f05e>$YuxQq3B^GrYc;3?$+;zaq7GGN2!$!07h!Nx3OL6R)@1HkO9=~U6HzPXS ztd?KF8WH&;bWo80KY}!EPF<4748W{jc zSFaicOprw2-wU$a@R#Eh)|(v|@9p5L0nx;ICMkd}RXJI_5RSWYNfzvTbHK{17Hk$2 z-mqJN}LneAv#QA5JIDWk|_=|2iR%X9U&+l#F8_}QFh_cHWnJKj{P<;GTB@s68o)t%; zA4WU`{aj!Rhhdz`q(Jd7ULCD%LIXs|KT-bG%V2=boM&D-n7l?+B{I`ZR6-SnHFM#K zY9rCOwykZ>+*~!iP#E71OR~SRuE{;fE_v=CgE4j3173;$c+|&#%$mf_Ch(p3Ek<7f zLT#bEf=B97TM0*mP%R)r6nTq80BGH#T3z%xTa17J05-R4HjHTHNsF7$t9P1K_Z~_* z%{A9{lXlxpDmv#H4zx;u z*Yo{VMhzbeaK}BS#|sw(Dxb?>_GAb~(a#uqh$gl*MQuWU3OFmD+p4IJ`IrtyGpBm- zsAAANCN2`$hCdKfX&6p2iq@Fc8@L*IQKpHH=N#M~=Q)4?w*z{wTG#+2z!0L+SI;Q! zCiNc>k?|UMQt_4+gAS1IY@mr|11+?cJ#$E%de?-TAR<|w)W~lkNG?w6+!s*i{RbSh zP@Lq}SeLXM^=t8uEw^YXwj}yS!b{yi{RW0X)H$BuOc#2_G4HG2Ge4PTPfd?J9ZqLa zqb$#@MPP~8H@Eb2R@5L$nLHbc5izca*#9syFt8U|4X38%8d*wg5!1h-E-*$b9yz76 zs6?F(qGk1~B+TLV)9YzWQd)^u_9eLJ--hDIh6jt8QYznj3`ZKXINOF$C@zfuf&40A z5BVqle~D?QvHhG%f1EGWzY@~@yR>#w@uYG8q`ej6q2OZxy(jL!hPl*tNe1gRs#PQ6 zEfebgd99Nqo3j6-fVwEk$^(?WZ8!RuL>{_!uM?lHPMlDffJ)9xnJRM?Q^;tOQyTwo zoHP3M+rv;z2{#h3{J%eNro9;mm6mOeHzjI%elL}nQ>Rt=O%__ITP!~Eo^bVAY3v#Q zPc+zyNq7X@z&PHp$R*oFoW#>q^6zVs3r@e?_1P`B8N7LW5pTRXaacHY`vo~?`6(L7 z>#Pay4bmt?Yx!QVchoOmHH;cWh6R}2eZzHKzC^QH9~HnO(F zIplv4(hwcQ7VzqO$eQQZ;$mt}xs_`UE65n~9)XlR#|>PQP8>v0Vuj7rZvLMcd7d-k zos#1P=o!2#XkkKxCO_k8wgvu(Rt&T&cJmT|J^-`7 z4Xf9IGmZ`MBMILj25n*3bE~ghk4HpLq~;o>vx`a^g=}=mdHP8;YS#@%My6n7CN{|J zHwTgGCt z`+1T}1jyCd1Fb)+?iN3@|G$&>qT6omkr(J$nm#M#o7qM>%Egc(pLRQv+`<`H(>z_} zn;l{&9sh5UuPypXYpGTeXqtrlowcJeU10^yMq$X$x`VJMa#RZ^Pbm=|N4P79HTki6;IyoinsO&hOG zGkb$<|6Oe+jF~65^V*Rg62Dr4*8hZ|hfi80&WBizag*o66N+qQ#BH<7ppf)SY5g6~ zlh=`StVegCvfIOnfXi9A6K*7FsNybqDwZTUoN_bz1b^-nSJu&64|vUNln)*J+hw3v z)|5DyHU@g1w--|?WnkRsFeLk1>c;L?2PyY*w3XrS^iOma%f;?#|G?&$YDS-mRMg$m zYou3%ZhtZm+Qh;gtJ&Y@a>=n=P-{;jz}C1OP^>&aml6JouTW| z@ih7Y`Usv{04?!GGWP8cfOQPLTv#*)ZweZz9fy852Ju+>&>W*wEy#7sqB|e{T~`)I zs_aUMG4=F>I?;ylp$Dr4+HUK?1YN^K=&9%r8?KrAmE+gYW!=9iXsDuhEfd<|jEi^m z?(vanSr#3xQ|dDCW#oZ%0FI(%Iv}&=rMF1}m`*vuJvfz!Ty|m?9+!lE480X@05toP zS>M2$;ArJ!2I)N!i*8uk-&k2y`vOW)c#e zlCKp)?CD>w7E0TDnDM#mw_&|$yMln-=IRcTb2D3-IVv-xwd7qNIB=ldrw$l+j@reK zg6Qby0l4b=m-_sI%xhK#5sNX0=HD}S)XV`dkxL9;gO`mbRn=OasO5^$v^nig!Igpj zw!n3A(a|?@w2M>jIlf71QrlEn_u6X$e4Urqd8_X0)^JL6f;+8ysfFEhSiYlR$bKv? z$I@d+WGt6Mx-*X0is&CMV7iIF{$8&HK%qB7e^zSUl~o=RBU_W? z8|nf0!Ln=VMSRVbTX0rJ&LxFrSV^)2agR^i&+SMYCrI(%)qC-s$~ZchF{% zn!Z+910nX&SVwDK(PG}GFA~eMx_yL}yx0Q^G)#!d|9H$wDyO*Rc!eERRb&?kVx@%4 zIn{B3ImqUevbkyUF)DbdEv|X;Hka0{=t(m)QI&GIbXE0sI7}m-Eu%-0zYd8c9 zUhmnF4fN_H#JeU$0s`^QxV2}OfclO~T>~+ix`f3U$4bl?kKAp35!<)09gFK0`aEH1 zGJ1iBmYi@ZkOlAmd!S?PzZ;dH8o zMc{8q*DK|_%E6#2_5&+fWVyVirV%o=qVSi!!le`~u0ipxz3|9M552#OY*n*#)A;FI z!hOTfPKjAulHfGv3vX+mjWJq2{jhniwQeM;5~r}NJ#T7d$|3qAjY|FBwe!2R@I z93FLE_~%r!0<)X3Wwj~>74C_C3-{UxV`HH3T$GB{XD-(28C)hMBG(Y}RePU8-SULc zIB%_naTgz*H;n_gI-=NESG4w#|Gaie~(^Ehx z|T&;`3wTm-EYKVY8=KC(2VUoExb)?&z z(w`T(Iu<3HG{`-4Aq#Lvm?&hJKEo zK<-P(gwn^RgOv1TgJqkGCtwj7n_A8(>q`|P=3ZRCg3+X8hE3J*5R7wjtZHu5rL+3C z%&Kz@Y(OUH0|-Dy1oz<~P@QC3BwOS5$}$TD+zb#0o?|4^d!a^pE%rj*Hat98?rsc| z&$ojphd)2mHQSbSH+$uND>>X0Iv@SJQ-tA7Z>6G=&8exCe3&#B#P29Y*~>K_rGWQWjVvVn|*jtKb7(( zW>|Q7k-bjv^s4()}+jp?N+ng+Nk`PbDzLla%nnY^@_$oP)1Raw%b-PiGP+XFwoedMj(bJbdAG z)=4~MRSnBI08!INzWurO60f1L_&~Z)#qJ$Ih{Gi+py{abl^UZvfe2Ut&m}FbgsEYh zzTmL0bScBQ*MF+A~FXOj}2)leqBDoGYp$-Naj)C|TUKN{@uJk);14M(C zPkCwOGvk=6?r&1MiVhSOemMHg3CC;HZc7}yD7WnQIw=Hx z&U4es65pa1M>?ekTA(Hx`!FNFXy1eE4AA?Y+|3E^Z3f$Pz~ygwy4+Qvj+sSpbCUh$ zi2J;+j*yh{`j=fFDjqEK9piS)z!8zpSwxe`+n7U&-FVgxsJhkPoDf{Te)Q`=mUb!4V~!0n6?em&iJTi>#ZGTn8ue5{RWR1zr42LG4ni}T~hOr zqf&`U7Y7TYBS0jq3wer+$;Yk>7EWblCkiHEHg%{CQ7r~Nm$+SztoKX}lc88%&YKDz zB5DSR;6%43FM+YS5qdZvULU4BUvQkS3RRtH@Dd&3%NEm;%^P$dZP{KKE9P6Am?x6P==~c)_gbOf*c3Xh14|nOD}MrPmfbnwwH0nj+ zDy~k8Y9r%#!H5J?Wg;kX)BpfCDfltw2ol8qyYFHeLCYQNRXmD{6>VX=z*QO35?VEi z1EUs>TXAL{pCDx;DaqfR44hYtR0NOup1Y-28?8Va=pfHQ`LnBE7G2xx=_7gnZ&}!h z+&l@z5)iTOYdQ6sDQYMs4xynxSe^U-=j5l++IUz3mxKi_NuNt#%&Y&&+3|b{U2+b$ zKqOw{O&E2jyo1@3Mp!mBtD%>jusb`DCj-AS6M~2%6ns2ly1X^X=j3%X|zcr-(ZsbRabaEu@_^2|astTl4%X>+(s=sr2H2qGeSb-0QM@RAq zi<B3GiS@i{JYT>vxAm!gg|~ zNipL2ibIZjj&krkUH4AknnN@D%kScy6MuP$t>LUdvkjP;1#LCiwrL({?+E?5GeExa z&r9-5tqySh=sCQ(lO8?gqhJ>~L6oyt17Bvh;o8h66os5nxuWMwW38WX9D7!n069B} z`qV?J69-D~LX_s{jryEH_PIm5vmKk4YtRRc1yry^ZW|iR%*w3(jXZh@!sYdK7g=@logv0h=geG1QW8wCEySehLQh03<9 z1;r0|^>IL-;dgmeC`ht>U9$r8G+#3Tr_<)saDWVB*4|Z!6V|LP#967+0VFSK(km*} zk>$Uicn0&PQ0$3tmaRDRW#f^HZFI-v)R8C!b}+VQDj8r2a@}%SGp;|p3k(z6QCpTV@YKg`-* ziuglvON9CVc9|V4IPa!+rM6p7=O0m6o|^N4^=0B%c{5ysIQxZELnTYPT(PScVhcAh zNb=vN#39^6L58`6JzXP+|3CUAQwlq32T^@Hm|AXahetM@o~*sd68GrtZ%yG@DE>$Q zExW`SngM&pf{GXZCFjQc9TuOtbTNSiR7o|%?-`&&nQ+NMG7|SO7rfkNgp*j?*#w%7KnM)0ub! zb@@@On){E5rBG^&^jg`WJ@d{OgxU@kYljX1CoUc_kp2N8_QP4~r{(`=nyKP9Y$qxz zDq5Bo%udnUvraTnAcU!2o9>9=loLgD7`&IQe>I2_>`pIcIZ zD{vCgHv8)WxW*?_PUeFwV5b{4@S45$-CN&vMt@5ei_QXAh3@&BN&d^O=qA?^kc@al z_Z-n>MbQ=wr8&dE&V&UGH$X%7OV^7@^R*~3=l=!Fd+ z&-HVQI3<43f$st9KbmkV3UU`O4wvi!^q|fvdzc_8hU{Gzgn-p^IWd$gKb70u9374p zhDgy`BDW_i#tXX9_RLOo#xa(4eet)}(oVbwb-4hoAwGxKn25_Y1d@DF?+f7Es6zQ8 zxk^PrJ&?O{jEYktHuu7u4kzQCUXjq)5w+pm#lS-w8a8kJg?%^uTR>wcMd^$>1sQ>@ zVIBGg5U^E>ututbWTJq;BpkICG8bYfv+;ToApg8$t1tE*OkM{X<3 zgf@3y#gPkO`9C)WrN9YmJ^(>%{Eu}|4I{}Ca$=JQeH}Rp+R(WVuXR^Gn}P-yP#Y@? zspJTg9vR_E>em#9nzxrvHZ;Ce#p4GU>UEyA5XD(T1U{CC| z+@#z%iYst;`@S|khj9j9vY=azLjj$ii-O2fzUJG7TQ}k3iRrN;3wv%TD-(#I4vje` zxK+2QF9P%}Cu9|9USvz1#qkdNL;Z2m|Hz~Z8MTw5Ss167+eqHND8b{V<*VrPv|+r)K^(~$;gYlK(4-Of$$HxZB=iyeHVZ-?+uJJY zIEa6Y%Y0B-+*EEyH|A>xxDA8p7V3n^W8XHbdKGs$0a=LR)5JsLjD!P7&awho) zLKWeu>WS+F#q8m2D@v{-G7%cl&~1!a)n32kci=%y!@N=_`2Z~UYP8}p>(%mNPyhe` z9|qG?zymMYGM7|s{}{XiySMtd`b${%eBnw7Q((L1-mH*Uwy_BO-r;fsyGu~K=l)q= z9>?f4vW9oi9*{*mLVn$!fO9mB1vXQ*OyMroa7I$g>0vlbHhw<0w9rA*PoLdS#ICPwiUc zu({V$%xJlz%Lt5lMI{H2YC@a0K&}u+M@v5Z_`0E9A5Ev43Qze5yrOB26Gydc zZH-MTN5ikD^(X*S`z~qjRRJnoX01~0r+9^d)CL-YsX~4G^)gUIyWpYWDD9Q&y6~_AShN_K3><-*z zjv@2|=-RO(tSJ9;owT%`cbuW>RckaZ(_F8k9k*yr^&dptnyGK0lAZRc-j!?YcH6b;h*dM;_t#lab8AWcXdC zmL4&L0`S0LD9i`el?z%SDhC-8WF^axUzP(>x+l4ABjp^3?^`QB9y^UTh;A338KcWO zEq=?K2wKCous62S;1lJ%*bjQUH*#Up1iSzjhIf@cwM|8$qe{Dmlae3Jd=h!@vsO%9 z*Af}o^Er}sot8}(b}(&|6$^k{loo3YDEQ^7J%np|H4RvRH|3e)YRzaixN1xuYHokP zwOf6fE*bKbj>pnA47n9+YqtuYjJymK{~2TA9Sa)**-#jh)A;!;KMS;x!LfW~;fIu_ z!5usLC;MumlEi?ASjO@^SX(ABTUOPh&!X**zq`6>P}CSdAjpIASl?MmTq-C9)Mz8U zI`_abyLtcHO--e7JLeZs%4w{ardel(UZR|f=<{Fu%?>7bjDu(ha75&SRO`?O|6IBm zjkq!UT3EjG|Jr4Cz1JdtunkW4sL5cx8@Z35U(b@!Cv)_wF1=5ZSKon1fKXlH zLh-p9EY^c(Kby40qb@n_l)mcdFq^izv>VdmPP4K>`=`OeiOtpetfG(r00DYiES&UF zrx&P)uf=g*jf+O8so#G4HLr%#@z<8Q3+FVao9yZG2iL8b%N#@VSJjn(`Y_~n=I%@p z_GT(B3jQJ>j_Ecc*`9s2(7&q&c`mb|g4bFT7$3!PUX6=Jx1>%bWSjumanKIk_w&__ zOn3g)`1}~6W_2eag886cy2<}{9;9%CTubyr)K3%Md_ybMfali|qc5;SdzeQTN?vVy z7#dahinbJ2tLvLtqN@-GLvN5+x)2wwE0osVR)o7*ZL!o=Sa`}7asFO+W7&6V&;U_qC+uoXLV z_#jarH}=cVJq8Uc-l&lhzekG|yoLp-Wh(d;kCLK4<;&(0KwUjM#gkp?zhC&<8UV=o z!1(fS6^FDjM8ZMb5U?lB}(EzLFVvw+<;vLmdeH^>n?ca8F(WW~r=l;=UZ zf9rkTUYKO6Ixu#tC#<lSbRhujXxP-^eTFMyRlI7NY0^ zX@3iTAKL4=5WoNc07{$fn{{z?F4rEc2pZl<2vdEk%a5ZL2;%I`_4VgA?d`OMcm99>|Fp!BixZr#*U3P5>g7LtKw3PIrJu)gx9|OO(|bl(9%OG zEtbUk`OY_}*(sj*HKkz~Z-ycEGYpWjOub*Erj=c3pC|;Q<={d$ERc5yEc!2Lt@4nZR!6(7p4LTrbx!^2Pj60YY_wR%PvxG~ywpw-W%cGC6CEG*%1 zEUI{J2OPr)gS2Q`d^EOMbbQzf4*|$1>F3Z(T0_eF{`9u~8P+qlsdK1rf18Jkbs!YU zmkoyh9+jtHF6jc$`UrwV2!G$?pNPoi;T*ow^?y2}2>U7rtSh{g81WggY7lD<=gt`; zk0)QysO2kiW|vgT&LG#W=af=zge~^z5|YCeaiRBrmLu0vHMoS=zW4Lzva{CcZRZ95 z%vp-MhD#D8x(gzUcn)f9OaOUcdIVF*B3qMbi|x_9Q|BxvU?9jT<1qCz>Y1nYI)X&F ziqx7;B4Om3Q7nRK1DikP6me`vn7$`axGsS^aUQ@<#n0|TT9rt6xHNZKtb(RZF7KOv zW4ma@%3pWDcV<}kGIqvcsbF`iP?_uV06?<5d1EXK(K~ zPMmw`9Q8nrl^b?iT8t;{nPd4rgg)u@|J=YXnW=27grd+(O-!^;RMcwq27!RrngEZ= zHO*j~pT40U{|MsPAFk`7M(=s7@yq!)9SpbZ<)IBNsvQu0_1d=@=lVDAC$66Ehitsm zEL$;QH55$&QuPmy8JKYRbO|+Y-a6a6v1D~~99#u@IInrjf8ts+BzdP{`rWEE6S}u* z&{F6K?_q@qi;Y)zSBo@n4U+-}y+#FYdY{wKL}t350Aspo$uS&I9h%t%1T_k|6MR9! zrubq7BzCI!$HqC~=+*+f@GZdUD$FmXpIujmt0VO5j409>7n7IT;d3F=~7rSR5b~`jBOe zCJp-^rUTb=u#hi|7g4GUD zmu8D*Isr&xvYgC>>l;J<0+kI`*^+=0$08!L=%2U%es|2kx31pAco!^?7rLi5p5dVh}>vd_YX zU9d?oeE7e^>OXCtj%>;a6_&~^Giin3D;7_ZKWh?(mDtkO>~2QUeV_oelK=z0vxgu6 zujbcpTahYs6r|{WktP9Z#zx!Bi0FeAqZM|K!@?NXiA}9(A`k7w0mUJ{BQKi@19m?~ zfzQd`4a&B(GS)}YDOiZ6m9x9IO!Qe1c)W+9YzQ|(hfnyeIhlfI+0MF9{9}pGeK*QhVaMS@=Y>`W@-WLqch!Y99OuEc3830Y~5p4Ex2c{9! zhOjn6zW3g|q9K12t(o_Cch}>jS2dTWQ59alQ>|ct6w=0$oRM`!|AxDlrO~&{a%QE4 z%Nb2X{>%41}ClXkCf&RH36Aa>F;0w8Xh(8?kZKVxak z+l7+uTRxc9tE$OP5IZV$@p;55ZKarQPzztY?>`k`#bn-!z(sxq1D;(WFCgT>(qn2j zh8}w_&F_3-04!~SU)^#FAD!Xb?stoEf1asVv#uHFLPD%s{sam<>e3Pc=d9m8w;}pF8FMirmR19dlEw|PJ#+H}m z2cLLs^&zZKb^x;q-%)FHRN&54RgTW;Ci^|P;owMYEza&M(J;`( zRTq-E_xgL(Mq();otGE(r z|3fV@^7?FJaAT}WLUhpV+PM&h@YES-4!yZiS51Ghp9s}H%~FLiE=9_lRY)3e0r2b{ zoDf;(p9tzfeyj!f5V+m)>0Slwq|!jGw)tz3b&P$aGUu{4-Hu=pzZs;sO))2X^Hfai z6a$=ZFiX5Jm!~O+n0~5@{n*_=)w^KC*3Xqbh%tV^tpben==an%Q0rTJLcmoc$3$Uy#A~eUnP|Iqg{VNB(+9NJdpiPlB-8 zC(rCfB$rk{iJ$lEJ2v{d`LursVcpIqi7%LAEz{ZgbNPtaCWJ9w^jctD`jU3Vd3Sp>j`2G4u5I!#T|&;h6-N2IPDGJE z{Epz0L94mKGEi`Pjx^B%=>Seg9SMI^17IfQW&i@I0pjszfa-Z0`2Z3G z000v#0bZ->xDGIG{a|U6uHsVxwg;l}ML;XBbqTt}X%Ib?eFMh1!C9rZ+|Z%B%1K-5 zexb-xxMUV~SaXw9A;x*Eu;+Qx+D9PRCVYUIPgYno$2pluuhKE&uYQr5PvAreCBl8X zl}M(!hmJan9RDndG}dPqJK{4Wvd7~)3!a8@q^lv70k z#p~F}MiQ=_QsoDTXlQU7r(lhXt{fMtdL z?1m2|3{0hgmY9^RI}r6DlXx_cwphwrQ@`Syg2Ssj)r%%_7(n~F^AIt;C{3tVl zxmi&KKXRQ#_L?)u*Y{ z1w?4|NmG?W#P9R{5@*NVwBt5uPWN#S_X5s|@Ok>=0MpLaws^dFwHn5>e{)>@d9a*^ zH1ikO(c55t&8wSa)$HvVp%7g%dK$38?B zF_=OGPQ-Hz>K&;sF?EPv(+H_?56#{4!*nzB;r*gT)VWx76}|(i@pU8`lbe%w_;_3jb1$b~iB7Byxyv1f@gyT0C zQ0ON`pnR)mDagl^=xOZeTYTo&1*G zRy(2p`QTYjQDPet1uzk_6_|fvBuMpxa*$@1so_F|3C#2XQo=63jteeTqiUW727JRviY00C(x0000b z{R_CnB(Sf4a5KrsYCZ>rg3Ujr8C-oBuw)ayWjmn}iDi@-PFQ}CR_=UzU+^qf4Zsst zEtt$A@^sol3@B!W@%<7^KG>?BMS^kPumACP>O zsOPyJ%5-o43PD&aIX=T!Rvac(L`CU6$vy-!qxvNGbbrpc7wYY7qGCMPMUEr1o~WwqJ(x416aPnVwI~|w@9L~GI!>=5$dsxLH3VmSlIjcp?mOt1Zj}1w zPLftv8tr{q>R$_?j@CgR+^l=dwNQV{cJ)*)(6`=%mZim3kH#VdkKxOw<3hHq<~PcE z7)&W}w#6VR9t4CU)4$$AYfTJ^er`zoFU37fxS30Q983;;Y(lk7|FG5(ngWPQq0a`b zR8s|%Fm4Z^e{E{^p zUznWi*qMqBadzZL@-BtdNp4P`Zzq3``onOl@;>neq!MKh=DZmdZsA|`feo4CtKRR! z!N&`m?TRYR%Ba(*q&6|~6ON5XgyHt`B_b98)!JOeU(zw>{D8E~t+we#o>q)Yy zw49JL|7tc|y}$a$La7B)@T)F&S(3%y)islP3ah9~jkU}a zmf!#w4cUMI01S6++1FG#`L#3}BLQPt?`JPU+ZwQBzsPPj8+-$~(r0@z(Wew`NC#)f zwiuYv0B9WisvLneaXbIvni6Mr>+wre zV>ZVpDuj}rma;GF?j9T1*Rax=)`bu(h_KO_&V7_kO$WuX#4wvU@(%>EKKQao^GfEk zL>uzEMMlqIg8TgogrA-u+ge^*0?1f+Hsbh=`LUQn7&8@FguL3_xkVn-Bn0B74m@G4 zM~I9FE)9aJa|7G#saoLb?Jm69Q#Jf<{X!}z3_*96zZZt)z~&v6W08i0)B1n`&tzYT z%$F<|BZ}7g^(_N6Ao@uNG#>3+C;V(JCsOj*zvmwh(2NHLt*5KL^}NwCv*vz1n0r zQ-raC0eHkkViaF^jwU^I_0!VFvkuoen0UC=udDZ)qD-*N19I8c65W zb};tO)c8$GHI=s&u6>>;ZkACTT%?fR{H~y-7xJ{m_cVI5n-jxb;W?ub1I`p0#edTu z#i{d)=4G4>)Zo9!*zQq+uPVR>p8{D}MeY(fGh7>@aA&XwFfF$O?Y7 z+%qJR>9iQrUMZ0fI4i)9$nI)aIkdFKjNihB^BH|mfVb00ja5j$rtn!wmnp87n`o7d z-{@WriGJbJSJ%p1w`i&A2K&|TX|pCRl5)9}M4=!)+p-wFn&&GYYvXScK}uK8&xfPiPqfm`2RkB~E@4ay~?R)GcTB zyrGDpRd^kUIlZQMAJ_k&3)S~hiePUi?h+fgOoj~B#~T~rj>QI^b8D%Unkh+79{4vo z#Z;>Rs0E#PO~b|x;wX>bA?S43R2IG~JQVGtDN&W|>fn#>Z<2X5N<=C%=~%_8EZUhM z(5XL0Lx)pX2$nInX&Y_Mk1RY}%+Z_9D7IjI0L9#+{nLPNKIM_*{+>S>4A3yJJAFBE zMtQ^g8Muzm=fmf4UsyIeIsvE#>dVMGTD#Inm`-?teVA^L(6;&}O?_AKuQe(k@%nuy z_$|v9c*lsv_Ph$RAC)5~~sk(Iwjx|&uA+Fo~sEozM^s&ApdbAj{JOxjIYm-_Z= z*Cpm2g6h>*F@63jiS~5;^(9;J=*AcHZq{k+<*Rmg-! zkY@nHx_P{HxQ#s@7`1-ja-Vu@t%{vam^9I!`Oon<mJ)yaK*xcAH_7w3mOdDi~8SRr2f z50=7mu0+6*fQPzv7L6z@i%LMrHCbW74hNmfkyLUfak>~Fk`ITXj(+lKRUS9+k~!{c zNZrV=*?>%^JR94C#>HcaLEsH9P3|Wh}MHroSHmPIwCL=&;WJ>H+@ppP#(;L4X?3A8li`A#V zf}zx4^OclLDg5A$C|jQWVutI_wmov*fw`db;$MDT{*jJ?WtgnSavaw<6yH)92Num>Uhsw@mklBWEi~DDpEzESgTnnk zRu%#@n*l(1v;$5_OgZW$)+idy+2ac}W%~_|Qx0p_w)4C4JCTg-Ll^GCc{*vK1r&~+Gy>{1uvmxBPtcOwmi?ZnMVLUA-shk5L+LFU$8KNzvoN>LMZOd~`XwobloI1@ zd|!X_)Kq%u+5UVDT`OXf=<8tmq&-X=gI8m1Iv{tt=r1vdpKXK4U$6ihXA2fY*%FFO zh!g{Oy`+^R`1q3(7R0$0oHEtCkJK2YLFld1n~>l4&T_j}>-;3qCH$yz)eJY>z!OBV zOA5ofraj7)Aiy#Cg(406NtJ$B`9X_DJ?!aH>UZj~HaqshPL$8WC(s{49bTq-TO#C| z9-aYlfEj!u46rDSIZG|P`T-gQ41tuC%}WIWb$wn6QocNJWB!kMd+_vG9dLB3Sse+Q zBa!#a85BkY07dNm*75!8P=YnJrADS8zf4^oWVlK&`7?pvmb{Y+^H_-9Yrx2e2jl;x?YfOAy6>H7bbfL>0&vjRoLJxhFPB-Zu>vCm zyLnv%clXgGYr0mN5KAGN4^=qq2=jMkXC9hth4`O01ocyohn0ad%3Se5_oSyl&tkDC z$`OAUGWJ>`z94d#b4N&gZ+==l{gV|b(i|84_+|6ouuixKWQ2&1CE@4+0oJ}Hdm2^s zO#xT@^8O`bXGfKJ?^g;<$9h%|gOb<&WKcx7)oOV{EtyQD@Oeaj07rOkR$^Xzbq><* zZO9#5Ik??GApT15wF0mJ#BxXz5NW#!WFO}fE5 zv6|liY!v3Y%ilX}Sgn`p!bN_$1}KDDdeHd~`&tkcaHC$El%>C4KT~s*6H_*fn(8^X zb5^&7GY>Nc6WlohzUtzuH}ZFLzd7O&F9bTqmBCkTp+Y$S)wx8J-gL3;vu7>u&Nsr@ zk#WvPTYy&G!)kM#6Q1eNCFIa^CCF;5Yc!>}0pdwG0001E^G&~zQyo^g(E-}IpkvqF zHQN@h=`Z3C6VeFg`zgsvIyfahOz3_wfjilWfMw?ooPBW2hrLQC@mb`4Kk!x@3RCjTDkfWmagfzABu*KKy-Q> zhjjt=;&ZF*@6e#D!uPgg1kpI!GE+&XDGs0x#uwXDm`djU`@-;M+BGni()U!yl;-HX zC4&sa!=(C*A%sJVlm%@7>97YykmV*3jSf#fuHA%w_n zW!EI)C2kGBQN73e&j}LmR6cU6x`5IIZwWI30;}#Pj12i5r+jJqc2|`U0{?OaAXWCF zhic34*#xyA*O9Q!?ITuy&#Q9ocF5zPI*KNkl4Nuu(0pNQTa-dgcQ%YCo|p*fX_F7Q zlo6h#apYwtSq$6ECe|G;RK@&WvGBq|Z_uM7WrnU;Wqvd@tx zKmIvk--WR7e`nZE;ApT$q!hx)bh?v$ZQYx44gTb7!jH((n;FQ;O&cA?({}{?W`jyN znrrx0IS;Pm1^>slc3uRyZ(QaA+VrbFE?SOy`G;g4B1~P4j_I=s5J~h(FF4V93bV@@mzzss)S1+CjY)J66Z(e$;P-YsjGhd$iylRbE7*b7y<4w{)qm zYuRUv%Al@-)p(NRHCzit=1>6Y!+vaG`POOP-3>3!BZ_5s;{BgzCZ?fX0!X(Fg?O?f z5Z3=T%wzPN(#|~DjnUCuPP%83TO|RFmHkC&x1!hKwx1bBV)Nr@{Y{#fFxg@tJ30|P zJwg*&Ze+DSt}B1hxZtg2N2iAgFF}Ir5~E;u3PUE~WwwN+D3+r@9y9_zrlPPXTgu(_ ze8|F&T5aG^@5$N&Qibx`KdW?WU8KhaL2P?kY|n+ZXzLP9keoXo(?k|VM!H#Ku8qZ) jxmjKnM8DF1D+a2N%=TS4x61fK`weJY#gTiDVt@bu2nQ_ILo*tSh%`IU;gB-E|DB?2ly2Du;#bPrIduee7^V$R-GxV2M2(!!ZgGE9^I$! zCW{Zj0H!kl7`)v2Eb{~N*$wN_^CK8MsR;&o=7JNlNfW@6K=Q8!olg|{iy)a3k^9aS z%*q&!d-7vnvgbRX$$I}6Po#&UbMnK^KEGseD+maN{J>=ob*}qOJOLl!pD95SPbv3+ zi_JT~20zIEZoHlW>nUfNPXH706_HBt&hsJg1|0cI2jq6z*a|q?JQleDM}wscmEnk~BG+wb zkSk>`p*|?x8?3~dU_Nxt`Za-eZjW#1pC_-u(Ag8l#Wf;R87q$@yf>aLcIAitkTmvtB@~V!Hhtk6(c?U z|BE*?ydrPAzFd zH-el9HYR&TmE8ej1+10^0%MuW6y*MYGW>@Xr|b^seg8)*qe71#XZ`!I^!Pogsfa*Vun^@JDe0OxM)vu)-9c zrrue(bX}w4g7FIW>zRW^0;k^p6MXbX@k^5Z<7<}KK@{QX|KR83ihtMjdl}^GsI14+ zzW~awEkgYN*Iv?uTmQgnhyTC#XLlFN|H5mH)_43z$#*XRes5G}bkt6F+j2Zog~HeR z_m2=%pMbLe7(qgG^7MZJj3P{fd-1B>i2pGPNUZ)FNuBRymSpnmzIcUuxn}jos8Fe( zHda9q&7c352WvU?ZESO8{_{1fUo3_GHyFHp4~`E6k?p7u78rjiWdf- z?|%f=*DwnI*mN6$i(3N`1hJI8J?|%io7$e;{@ciZhu$!~IY{8le0hb3e+klmUQM#r zMLk}i%rt-yu=4Ti<*OzKLS`trbgB8XSG@m9J+)OdFD9#W&HVFT_JX_67b{gd)~lOj zh19Z9{>P)XzFXj4t+WwZ5doP%ZsEWA^_Et7MEZ;AeiuDl{Zh{`@Ku9=q08k3%KJi` zxH9>>e*soKkhU1_s=rqIUu8RPjBVv!h*K6U zrKpT=#X~M&)Og0e8+LlPG=H}yxy3EZZ5M{FB10`pH1 zA=IJ5&%@(SIL-S3T~O5kn=tB{;w0`t|F?@u)&lE$AZt8I3>?0y6F+`C;45< zX_obL47~Joyh%sWWkw+Ztxpjl8@B0(7%rD%f4o@l%W=Hm-q_Q3!+lxH9nb|!)@0U5 zvOL8MAuwGoo))Q}Q_>kJ5AauB-0Fo0gz-30P~$m!zG;UzG{0noB!r0ctET{3MtduM zLGt6wsV7x)$@iP0L9LjOW=lBYVrR^h3>%NyAGkV(di)cyePU$L<%sRc zbXRsU6`0#!V%t84xuE|LTA$Z{c{Ac@p<2!MS+jX(-;>+V?R2;lK}|#&j!wCaQIh#uyrb2S4QH()1c#paEsYR0ok1a{i7}j8LFPNFETQY<;)n^((x76 z_XTCHLA$n$)QB+M*nVbwZGU=nZ-l2R!Jz3}AOm)JpOv9tdDk!tHk3@S&hU5cR^PD>6#! zqO%k_=2muoITCefv&X<{Sv2NELXwIm27e5Px|1(j5ZkCdtwQ;J3grDG?IooF8Xhm) zIgc_mv4ZKTV)Ks4VPWt~5rWma3wYHGeVEA3onp`T2fm*#XdI?ePVRmnIC!-t49TKs z+TvOGh>n!;g%a>|>}qV(R-a*&F~nO!FWrCcSMRccnAnl#b}?onkVDhB_V9)5uV(~| z|C{naQjXRHu5}|>IK6>p<2UZ#1rD(YT zk%&CctMh)%X%MR_`0YESaeSSOcAY!6FJ+?RfX&TLvdi~B(Fz<-Bg*fSm#1rM5gSq~ z3YlMsdL)hhqGnSBK%(?4F+1Y5s*Q))-$?&`{CukciL@~h`4$b4=L%0PjBGx&6;~PFJUsi@4QOL5RqiH+eQWgvPI~^^&Fz5r7VKS(Qe{=7zjgV2S2D& z_;9p3gZ;obk(C9(xln0fq}`owJttEbH~HfBFZTe+;jf@8ME7gO>OIKNG-I1Lx1F12ccr!n+}qf5cBu7 z%Z5c{l?B&Ohkx*eP8WAXL5{uz@_{y$-sz9f{)GIx zlb{K14w*1%pUT}aJ$K6n-bT+Hs_Ad$z&Lf>2%YELCbVaDE&MYNrvrfR^V12}W=xbN zZ(Z8xvEQ%40W0d5M2Rn}lrIHWCEb(t9g=1gN|!5>y+ChMI$?ibbe7#clu9)>+qPKe ze4mpuW2#=b>PyIqwg=+N13sKJjrY15vEHB3k(onJtty0Bx<&u>sjQ& zRE$LQbvr%B4ZUR@_kr=Mf_nymfVU-nfm5fG>234@aJIzns>Z)w=<%6&=~Ti#uhK*6 zfbK}T!Ft;+&Er43e|bsPchkh$@K4DI0l`b*_>afF99u0%)VWxbRi@FO_;6ffL;^1? zwkDV619(vHvbzJo=O8wwmaxR3y?eo%4XQq#4<}&_W$JvJ$V20T-D(a7OF@M|P+Q;Y zsDpWZed3B*@R&~eESIHA=10; z19eoWd@l&BMl{U0IOyE|RdxNX6DwdHx?nLGPpK`wLkhBiHTQdlr7T|S4_?wQ+$qQb zf*I~rNWrLY_;ghzvm&Ca?_Z1NLVG^adw`5s(bQ%$L5_PMJr-7oX} z3zwG+14G9Z{hjYygS+jIzd08oah00Wcrivx=DpBZZ3SF5dQsCcR3ap_Xl}fJ-KeTa zC0346_sL|cX8#X1)xaR?bEpkMS_hn%GyozMw zyG0P@4cKYcz7;|mI3Ofzn?#7a=FZyjlhbJ+k07B|0mjy8acslEJ96Rph;Ta88wPmb&%LO%Ag*<0(j(}KgFUT-Bw^K;)9 z(AY5`&f8?I%B66Wx)wxvCLh5>QfuSL)^=N1^V-|cbEJK`1)eBW)bK{%Sc+hT!M6&9 zk%&0-M~t~7hmpra>bRHMGD?WMxqjepYKA62r z$kYhspW1QOryY*u3*D9mgo?*-aJ2vablZ)Fsm(@p1~f${iNY098#YfF0t_#qB?A&s zMtxU3eIY&%c`m@{fwz+XKt+yrD(o+xj7h-SRkkbEGyN<^EKeeE&=>B55uV=hYyG2+ z>;Qq`!bN*mM$!pyjgQNrPeN)!B%bgeYlIgymv(E=+u%c&V?vdeLBA6_R=c!x*qrwD ze%Rg^B|{vH6DcR1L-Xm_cq;y-z@*HIgU}9buLiUSAW&uL? zsvyKpPS=Ss&0ht*&gy>-q_t%BE3~_xt7!vzM0}t3n<(=s_;w2K5nHoS=A-e4Onx6} zfT_2Iyh*t<@SH7n&(_|yoJ-tW_6^*&m33*ZOMYI@%+fmJQ(yYs=^#c>TD|BybYxsH zNdKJ=-6(7I7E)(HTznHs(%ns*QF|&U9In`IgpZs1!u2(81azl zbZA2{go1GRm(==ixvZdkKjVcIK$ucUNhypG2|`u<_MZ^-n>J#1jjS(G5iZMei+c@` zw=ji0Cipe8Am0p9j`{dr!tUHAau3}%H%N(chU`U(Sg1cUHzOTcS-JVFGE;-vkX2Bb!sNrD z9B)KSvc|62kbJj3e(twQNcp;0|3~7`)Z%P|Bm_&+!o6-|wBt#Lb_9t*e-xx@4oDGP zTlIAbx<&b}m=lfO_fHs2-+qbvSBO>nf`fQ*4W`NcFdS0TNMnXgqIs`IL862h8Rk!i zJammA9qchFHur@JYBt*(1J4i`oY!=ux{VFway@hR?imI?GngH{P8_^_;}~OMZ>lD8 zboZpWV1CDtxVoaz&~dgs{4Ky+MoO-9MOmjO)uZ*z;$N0Jm%@qX)Bj%3g4IiA<*zbR zzKMiB6CMQNN1jFhQWyzOU&2zK^}kHRVS=f^MZEo@6XHM<dJwNb9li0IdeYgDqL+PsdecLN?ec|oFC{sO zYh;OQP^b@f8TlN<6Sdr4#J4(^)T%u2*fs@{;&tl@RvMQezJ@rxRAEaCd2 zD15=$@c_aRKb<$x;3^o|9%6UT-vV1?VeRhbpeSaK$>r*`QBcv^X${cmFFmhlkiHYP zufXie8@}(7%>jBnslo>%?xZ_+{Csz~iaz7Qz=_9^?-f7(RaB*`!0P$=QcnCMl(LF5 zj90tpZBt0Nj>!g75t>m>b3GV~=1k#z26Z&X;%&iK6TFhe@p(u+!doO!^|m_nk3JS# z4@q6qp7J_>B1;w8==e+dY|~TO*w(`_DZZSJ^>WGv4%<8O%n*7RT@6#7iUPhpL!AA= zi*gizF{6+acq7v&yH42)<>ofp=fTj#byjvLpPEZ@5Y}0(6XT}%F$UKt58+vTSTS{T z{ZmMSp)+{19=$mUGuxW0N`0*~k?P5vT$?|Za?k-%#&I;f({E7fy9~=S$4SVyPcyiVo7n&iPlMXshw;hF**=*;p$M$3^r098VmFNao^Y@PMFU()MPB_Vt2!F#~Gl| zWb2BF8!QS}5Ln=ps-0QSDIi*Y6=#9u>wHP;C+7lE!}`){`X@X5@{~&!OcZMHX}j&h^mxdEs}_Yn zJqXiKV*WOJm4Uwg9*0lDy@U4^TcBQ1ZpSIKbl97Wz$7y%t8?l*Vy+=|DysDxQ_|=n zS0p9q%xQ^|BmwRYF~-L#MOCH`D#oEjc|buBkaU zeAOK;I-%{0;d;Kv>^o*UvScjWmXygYY_0d3U8hnUh*he)=?dz{`aQOz;7N}*&gm7* zeUYE4962Y)1Od#D9{ z1eu{&w>xDTn3A@tV(zIyx8NZUdGt{tzc`5Oie}4d^o+U09AHzrJ&UKY&)uW0D5SN? zTj=o>z+Ok}0b#W{<&bs=ghCD*ijuFCG<70~^7T4&RDZYyji#25Y~MGsSjP|}n>E3` z5BtUzO2h<5iWa8U?bCa{oAx{0L*%+vgM?O1K_{i3^>iTGJvRODeEsfqZ%~NuWC)2@ z1u|L)T#EIX)94!c4OPA#)Izst@jzTN}VgSOpSW9JL=@wkV4r4;B&i8m2gw zk(BXlyN={D(#;3;x((hpqHBiGIqeaMMB6y(Zt|$wkP?d5TCs!fKiWk8XE1^F_8bx< zs}OY$rQ6JDH>!;@tW9%TQ?!j?yI&q9`?m12L%r(Suwq)bLlm;wHye~j>JEKG94~Xf z%2Y;^l5c`7v{NQ9fOjzO$Xc-O44FDO-9)ur-t2Vywzfq9`L= zu?o%H*|>0{hPSEtg53MMPkK03yW)@eB&Mh+u)Guf*e(ge*qoX zs8HSuGeX2DfkT$GKNWAuTB@XMFeKF#K#zAgtq#0q2pZG$2=QPmrf7TY%ZIB3iu|g? z5mhP>Ou?XT#Dgt^^$@g|cE7Rj$m4lZ!}tpDm0G49upj~^f5*^d!=9Uxx7>(>S~w-l z-|Z@`GSRhg6oEc;MI7e)1XgFV+vMb|0aFd!sq>*HmbA)u*6}J zCaYTSCgV(^KZ)Mn$9#3IEqpXwqAz=*#Bs0)m-tmcQw7s$&r8ACb^EUK4(a8dG~jrA z^%LO$f%m`?O_0a1TyGX&QD4G2VB>62%RSK9Uz>C;9KIG6+#{V!ja|L16fJ z8-=igPoI+mJ<=opOUY>xK(Mdy6S*jCjAZPm?rsZ4A6bO2((45np+uP|K9ZC!o8<&5 z^i!ZcYnNJlVJp7in{Q}{74G())TECHjt>y^+ljH%f7ZUzIdI-U#v6(gO_KNv;3b&; z?P0ozKzv$!RCCWJe4z4id}wa-b6m${ zzuuYm(u8+Xw%$}LXb&1v4zCwF&f02Z_S?QC7xO_tNM^RaG^%!n%!|Q`t0+h!cN?2yubqX!JrQMVxa*tqAyf%VkTVCq- z#4<1ARo;IQwbx?=0`|+g5aFx3-@zk<+Huytc_y+rM!>0WH{G3SxSPkvJUwakAh=C+ zRwjv|pg=tGZK!*OwB7T2H8AMY5o6^UR;FkoQhJ%vYAx8i{p4$t(|B7S&sUz%vfRd~ z(R$f?pEK&1je-@97#rX^a_c;%z{BL?hR`Z1p^N=Q!j_E(5C2?1S*6>#g+lFMrnBsJ z8EpOzY~>2>;-Us#vt>&)gvO+n!BUK#2K*^WAmpa2*c~FHQ+~oRy6GUc9!gTLu{yVP z@H0O?B8*;iv|0j$6HV*^oD@R6%o;z%@by(7ThJJ*>`*P`DJoOhpO>nfeTXYh4cjHT zW=Yd}aQxl!sd9Mapii2kO(IM9Ilc-nWTdnL$3r0y`jtd}_T)2?d{&e5-y$KdK}b9ASec$tS%W8uGov z&NSsTnQ~o=&TCW(JdVEA&!)UfEindTA3C!%^6M8-w;E2VVMpCg zMN_mfrNqg7AQPer5*eHt+QfM*q=lUBowoH0M)M-{Rm&&-g!XLLQh1jlfQz@k<3nc4 z^d<5;^#uWI-N_jk8+r2?Z`>rm&^962-#TMRvop-KM2+zqV<}UcN1yY8#=gw9JZp}8 z+0c2pROEfS+yROW9dzGb^1{rvi<>A(90FYgx z!LFG~c7R*hz_)Z3Gd~e^f*<%Tl=julIUKPTxw68|RC=k|C7zPR|V>y|eh z1Zi2gmNx@@c|sySOya~AmrHt4@9Z8s2)@yDW8RhYrOa88)BzE&miO0Q@$CcrNK9RV zNr$U2sGw9Q0XW3E*e0HxwPheL2k2hR{;}P%jo)m#s9nBc4rmTG{h%=XAxw5QIG3zD z#80F*nt<$1an@|mM~Uw=QayALp>l2Q)+#3%Jqq;dC;&#SJpWfx+w3i+;V`w?slPUe zR208aYigM!bz25`zXZ*H>(r?12QOMay%t**5$dFP0Sv;8jC0jKJyC(_K^k_1!>yGzz>CK)DcK0E6diRgqJhwI z7fmR!=M4p`W<%~I1p>g`)ovN0H+@wDy^vHu7vIOoCG&P?Wi|GsmYbOZOG8^3|!FZ;VSYynsLb> z6=um$LDSI~%W0d!wI?1?QtmK$)V@+~MIS0Wt-E|Mv>pg}(L(hpynb}WlpHSrRY1IV za*laV)stv2ZK=!m*;AH;vBx>$9US=hAmIu1T+Cx?S0c#moUI$|=R0xat8J5u{ANJ6 zZMV(Qd%lA;H8Gs?t;!=EE;KjjGUn}4SQb!C81dCS_vwgnc~&zsM@+00_*I*^G|XpZ z4aX#PLnT$y+kLB|ILT4OY<6ksIqe}Pi+XDv@jG8o76~brVJ@pFxsCr9URStPs|Q8| zgUymQNJ@fKCKHJ&(=E6|{={%ey7usjpYc)>`A4WkI=NmI&kNs%{lbBJu4s~jt%=+u zvIwk7L6tWvoA)jnuK&& zWS7wH-v)Usev%{$oitil<*i=#^M*oMxGTzlbA`$109|uGpP8(#dR~aR*-mGXZQn+l zUzn#LyuRy#!N@l4O+?VA70p4gH2)BPBr45h{>cyj`plK2Nu)mRHJqFnL~yF{_yiI8 zLspjrtFCZ3G&FV{*ar+q8je&NCSaQ$O`5-4Z`Ge_yoS*;K;b^du zuX8rLY@Ce0HFzQdEGz@II}tmc#&M1~_>N!c=SrvoZ;%IZV&rx1PkM8v#o3%ZHdC^a zmir1qmG3wx{35S!t9_zhJz(NJeh6tFRpeez$QPE2LPTwIKtr!=g@UH+j7EQuR8I=0 z76C7Ac6R#Fx^YCsZU+1wzb>#%@g6I9sQbVnLV?^K4Y$?&8v&71?{YBIB0g>}r8O31 z31+9GAu?R;ex^-7Ek9d%mJw-7!n8jIGE7$f%=g#-Skja{)bFM5@u3UI=bk-F8FDGU zr5Q>}=^kLmFjY$b7=$O_O2`g(vO(E7lW|W+5 zPI0dsp5W&Lf|Tq}IF=B-bLir=@K6&ma@$~SVAAo;8P}TG_EWe{9*@bBKb(BsMS=hN zeh{j&-umO!-99lpPSBQ>d4^D{Ai2Z2Qm zS8J|<_t(8)4y{?>72;DvkT%j5uOn zP6A=O>D!$@N6G;3M+I?hXPgS<4IarA7`n8+7E8GlaOYf7yl&?9n&TLq%NVU=W&!TF9^-aB$=IH^!W#R%Fbf|6d#qbPXR5H6PbJ@d1yE_|>dKK$le& z*iU);VP{?mu9ISaN61*Tlo8}cdTwWI-Ne@U$vm8obcbLD$PSl&^Pzv6hofb1^Tw)H z3yPS~f9mHu*H1hQXXtCyk+v49&ec_dJTKGrkVaY0vhYZ5^=&~gWfONu8o`V0B0sreKXHAoEcNeE0?`Q3CY1-#T zq(L>#z_HSsy&qz*#8Vu{EwZcrC2%We&~Cjw2tQwpZl(={`Rur0C0!6Z{oqb|yU~37N9R`KX;G6)xZV`g5aj>L!)7 zU~~(*U+Zcgn6NL_&(x-_%tl8%=-JhNtCYDAeSR9>Y47wxBX8{F$IO}z`%PTUc2kSt z`@4x(A$$U<1!QDCC)w)o8Ign0K*We)AV=fGuO(_KJ69SsOu$M8m%;g4WUlAc#>FcZO%&`%|cVae~BIX`!W(C+K$M6LUGm$R{0t>TEb_(Wgb zUx?}?%dzy1T*c9TJwJ%UWLdTKgO9?>yYtBjU-Lb>lknF~tJ6nGt3p>Qf`=6RUw7tX zZuBPS7q&USu!qy)R8Wsa$+Lwm>e&=N;%hcOj+{$X`_=yyvuxsWd_JBO;xALdPIL|AejiR3-{fdpwAKU zrp=`r_9?yoLzWYMNtHMm^^E|kW$3apq~BqIEnaq1Lp@=L4oF9Y@Mo=ci%h4Qon zH|P^?K8r9iyU*1rZK}IZ!c-fuGB#|QG1q=y14)eps+2CCl<)9WCn zsoIlJ7!WObx$yJAs|To_-0^IqTvph0V5s?pb?CCn^R}g-dL;ngmQKYB=$~$y5;x|V zedTGN{@%vqO1|7XCj6S_!R5`oCB~s2deQRTciH5&b=GgADZH?Z2Lg{uB}6$eKi~Ay zPFt(Hg?TZuBG(g#JK#b|ObUke$hw@lEMSS(qxsfs2LAja7L7RQYEijyGN5d|ym^`5 zZlWI$xfJ%1cmc)q$>9^uHqbq^Dyo3dq@f(~$lj?xMfFh-Ce}L!nO28-92QM+MscCThX`g`vugLE9pN5>3zbJWgX4+0|9@>6hT=#qk5pj z1KQ!~Y;P56&5BQq^HzvimCH4Z(taT8`2|blG+qD5T~3sNmPEpclf1x#v+K?bijJ_a zDxiSrj{apG9Ia_`dNi ztfbb;oN3zp8&W(l@EC$T!;@N{Qy^GtiIpwe8tFvFF0u>Lbb0 zLX*R>f4etmBbaD`o)8=5D(Ak33d|@tM<-9Vez^EEKHmpk`_q6{!2Vp2f>^g4+Z<3w zPj_QU(Cf0x|B)l~l(|5YdH-hmHC>^(o|S#wuuyY-$@jEHar{U+}y0f8JRS6C(G z%VX7IV!t9>b#$MjPO#J#1%tXcc$+nuny3_yJS9`HDt~iuNbzU+zNxQHcU%{M3~||4 zVefX?AiE}XpF5Q-rx?Gd74HGO+NI5Uu&D>%(|z@YG6=Z$hUW_wY?bL7;EG3Kn@J!h zFBCv}T6Z3qlzC&v5V!Gz-gtlOXF5z-vr(kmN7P9r=MGq6?bulbA@S*!O0~4^+o`kcg4?8 zRd~$!(*PPSxMCACt~C1lw+MU+XK|9c28l_yEx)7Tlcjk})>TE&d{MR3?_Pg^1KOZ; zY+NC9C|J&;ZnmnrE5ZroF{hgeBOW(|x8jBf)ub=zSKP^>OEThgeOx4)>@FQR4&`Z0 z6GkD~&p9yS^rv+GjiZA-@{<9pmd;3g+vJqqGO{(FDueL+*SUZfCpD(GWHmD^DbE7v zNmkpOU_~Z-BQdRW&U$--U97&FgSwkmY zA+jakFtFtwtJ`l14$yEvtJh!f{o0bRnq6i5;j$$%gC2@Honoiyd`n90c=9#!m&7#I z>YMgi3(2hRX0>U}>L6X+cUF0yZ-b%s(_*vV%=GbP!MO#D*V;A-_DEfpUKdYjujbR| zj;Y>5%Uc=!o;~wRZK-Er*5|)l(f#^mU#pCKGYzwX>8_Jk-?&9*V-Q+6Keus(nuSaS zfjXPHhQ9&)Cctc;THl*DGaYL?mg6Rh5zjH_iIrJ4S<{#;6_xE<^NvAtFw2Ey44dTw zWK+PqCA#Su7|fzDy#CX}r{fo}ZViJkOmrX8X0JCcA@1cG7rXW^#Uc;RSSDNu%6Xdl zZT+S-;K3-h?^n1A{PdP-{*|_mU|r)wJVi+*!VSs}T?Xb1k}kU^2zdYQvp!-gE%Z7g zooY;DdW_k4=p+Ce1ZvAMTkPJfa1i!AUc2J};b7#ywexmAe=KeIWvsTo1la8OMvR~! z(~LHD!cfD);|J(GMwtDWrQY1Z+o{n~H@3n%dYbC7Zx`vR+>T9MXE-9RWQLA>0napu ztV=Z5;M}ocL#V7C!1BDI$=M{E?KPes-teJGvuc)DWKPeH?gz#Xigr~Gs+IP7+u$VzF@y_BS6SIx^N1~%Wwxx~ z2sDe;6f2|}>ykYkNMLhl>9|J@2}onz{NCA;iuJPhu{IxK`uOVAw458Va|=AG6XUJ1 zKjC@|f#<0W%iTj=55o#x%HU-#3Y+zE0M_hvgU8eu7Q3?MLB~fK>PBu;UlHjMevHi zE4?4=wX-6d%kM5KH|GyNKBvynQO zi8ITLGzRQt_%~z)3zgdu5hl*PHg0b;(POSyS{piUi(u%Wh~B4c74mGHV!RV{ch^pc zHQr)XTX46#=A*#e%m}GFN4OGd^n-^|tWxSK&`=)JjBI(CAT2!mHHW@y0Np&T{)*99 zszs)_gCz4#^)=>ZJ789VvGYWv9`QR4gXC;N$KDUl-)w+3KAFG`S%;3HG%L9K4{5dI_^?!9shcP^|Y6J?ahe z>93~B{dIqdOSTHW2AJ* z@>xW)!y#XRcwf3amCQ#f4e`WC{g6G0S;6V_Ej=e%ZL!oC8S=-$%VwpV-K3;=WR2KE#=F!omOTmwZNCbwIst*PcRuj<&m&hI zX9*l#kLKq|Tv)FBXPe_43zHe^8TM!%Xz60&yP=Uz8#Zg4UQvv`G=y`kWd>?XrKII_ zg`6K+Zj6YpR@trqxUB=yyuD`KNJqj%OFJPaj@r5(*dSBNNvSA6pS5t#RlOf>+CXY| zB4jhJZ8MV(jLS3~q!G5FMO;lfv0d%UpN1ZTP_&O;>x*+Jt%lQ1x~UrqWGJ)8VXDk? zot-16`N23}uE3`P@8Y?$V&wF;ziJFPU84eh(`@|)F-yhFvPeDwDH+oJL!*Q-)cKS`xcA zXyxyp(zzuUp1;1JpgYKMg9%-HJw9OC8)Mh`R;4rs?qh28?Pmq{j+tD3St<1xH~Yqt ziZ7|JSe9U$qh}?~2&-b|N6Dl#Sk51In4%6nUaMafbMV;PfYHVYg32Eo53yY=1-u1= zI3=#}=iy1H1UEVROBY&^OmR5ue7fYk=^Jy$4d!f;zJDE3XBd;Yn*F3VqEs0c-dKW@ z*SOP|k}aI)94*qsID5dW`4*UA%56)E?!8DudQ^A}8DCvl5&^8gZeN*FtimEU*z_nx z7#wPgU$TrP^`LAw4na$0A|&287mxk{Ydzs=Q+wbDKbJpq!mEOY%(cX{uU+qE40`ke zP5a5$tL<(RpT5-*3Um!@NyYyuQb!%30GV%)v+kZ1XZeP+xRRQ`o?(5Ti1_)E?96;w zudQ!OHkVe3+a&WnH7Dl;cQ!S<$N6AI_4thQ?x6pz?N86G+=$<9NJWu)Gl{sjttjgL zc6U&|4sbH<7xGM5Cf-67H|GBOe8CCphWaQO%!ogIRpM4Mpn?S#A?pWG(;cI3cQ19 zx!#p$FepucHGSoEKHOY%**ab4+n?kJ7dFWPrthgG>U^3&m!K+z%=$LQ+;6)yr^qMcZwszn z(Nd>fB4spabEZff|@sbW36wne5c>~_ct zr7AXx@Vl-mhbL-{pEr;KjFNYyj1;z3D2Tso$-GRY80tupVV3&OKSFkRf=lBf+`8+K zZeegdQ0_-UcFel_<)>LSJidz6Gy!699PjkV)17C6-Ys9A{V2wCqL+b3SQ8HF)(gY_ zMwEo;{7a}sx`wCO@ zU|B^-pq-+vvif2-Jm{yS!xMy_{yUsdb!U^>T|ZJhkj)pL4}=1rew+Y+|9H+h*wWFp zl}1w)Lo7G5SOJ!GvVU)YpgKWd?2aC3Aa%#vxeuHT4DNna;1f3^&iW*? zF*My@96aV@TtA9NT+*hRgw5M7Qs5!?HKAGT)?-f7q#kyx6P+vz^JO3&&{-OVOWA(h zl1bt4^o^eQC+(>)Ht-w$M&;2ZP7J+w4_ZUNKw~{l2#Nm+m9wdj;}XhVu+-3S)(2bzgB*Ok$dH@nR56|!yMw9A5U-oO!p5!1u3$B-jfI7Ve_2Y zj7BHjjGOR{(0w$gHaT%zWRBXqDeysbJRt>&xgV^P$hrvU5*%WR(X?vbq*#3~B z3ih%)Tkmd_arGRazgQZe)cZHsE05$=v^+lJeb48jy`Wz4<7$m!7hTOIP5G76F z!XZZFmM*XlUf*4!hDM!k6T{c0p2rCELlPQ*67o4HieKlxdmocgvEZEcc@;{R(*5%U zj>5d6VJr2W^o=gMU;9CMD#j}w4>8EdmBt_m3*%4GY`c}mW93Xo^fsSHFO)7ww;Fc= zej=nOzQJBV;zva1L8elX>?cKB7>7f~8x_5$QG7GKa>GDTJo{6`&F$6h5VzF$nS5== zuQ)tW^IbOJG(0{LKi? z@k4hh0X@D>i}HhjH!F<7*O(g%0;PN?uXZ0*sgA2MzU5fxXre$Fq-P$SGak1D??N^y zAlnvAsgk4wk4^3evnt_k6iJvXx!s%I`e#2=nIs<9uxgk|rt#HO+Bj6W!W$@GyH`4Y zKFfzS&oWkd}B+2tylKbb3%_0!rX;R&g^Ox~>20)g%= zuh0E9^d%atVW?P{I|x&BthM_+KA7lmMK2BO8>hS?)NUEI0SG_+kPi4+I=WpfuRPS0 z0E8*%ChFD)J-9C1)xf*8Ex_bR>L0^>CcMe0m(VAW`25$)7#Km?*Ie)qe7OqV z0;~NxU*2QTfsaq`84>m)L+;nB?3@<9*dBxI1FR(_cU`WkRjkec|*;~=;L(T064N00x9vA2$@ zqxT+u&%xc@U5mTBLvg1_(c&e)Iy^8qiz@z5`B1O3(l+tp46^8K-JsK!sufhPzqBvveG!lXoGZCh zUfMh;fc$tJ(GNnFmEhgcsA^j2YUNZU`^DdmikEa+sTkcVEv|N|!oLozn z^;RKKOS>0m!rEI?@2hnPJWy2dR?=BkI0=4aysTL)Ye%1gcfi;&a zUH@0}Lx;@Dy+~#)miC>!(t)?!-=A!4&YId?X2w!(al<+A|H9=i&z7h&!~rqZ{kc1c zLstI%{n+0S`?`_m^Q>QA6Vvwh<>U_O=)V@lYmVEWF9iIRNIT&Q9MU zSHt2u+-AX^oIn^`WxG|_ERdh!`T59PJ?_fk?b}PjY1Mi6jRqS@NL*5SF7`)_0sxDxDkq%<9IV3k$U|9H?1M8$#}=?IZpC6P(L6v(_eDZT($woTzF zAI*7`VgIG-^kLIu7J@v{V6D_go#tIb>|g}T*brPna{qIQI^4sCl{+iK3oBR8+9M}d z4~?;a`23V`5{ahteEf%B5&3Vo@c7a(Eu$8erk*Gs8Uz@}y(etr??cp3!SauN$+oiR zLbfkod(YRaYALZ&-252{>9H%ik=Z7@tgc)>XZvxuYH?b3%Ew@SN)jRL&FE!bZ38lX zfADK;iB?fN20f2#4}YP3aZ4jK*3;UwWhd^ zwM~Uilc920qxSvW!;#+z8hgGDg@5Oo5E-}pv7D;(7cHr}zyBW5UqpG=e{*o1EMHUw1a^SCwOoYVH%h1f|L^53RV=RKfSPTjfAhdEkGUY=N>H=BRuW<=b< zy3m;(HNIU*8X{**M91HK;?QdS*Uy*K&5T#&29-mZYdAD!X24G40oQE##tF?OQ?SQE$($arRVj zQG^PIISh)EOjg8y;P_ta1(1^+dlLONL+9L#xKsrnL01ZT7`uk>yV@<#-Z2b1lS7Zr zUN+c|1;apdLr>~V`Fexj)WSAY#Tqc$3q}?lZMH)`!)$v~m&FeBY)}cEg@DqbrRdxGEep%rcdlJ0QJtb+^ zhOl#BJSg7k}hgD%)suCqr35?>l@ zU8X~D0IVb=-3Gr131nY|JI#cFU|=x@`NDg~o{~UPE%yDI{qFKNsiUB6De2Wi{_+uk zlx$KA`FW!?V@@1>(;xjxJjca61SQYN{3B&^kXZ=mC0%E-$X$7Pb*FIU#QFt#R6gd# z?$1NkGw?l9!$R(H3>s1V#zxF+fU8A?(g))x3+C~w-EV%+11Go@WzCMbq~L}Suh?nR zt=sMskT1~cJz_dxeehW%2*tLr~60e^C5!e9Z8Wu!(y>zNkW9b zr5QQIL@vybl|}au41`hfZRHjiSdX{WaKa>Fb1w{6)-i^tsBW|oOq;w3M&s5OF^ zQYsV5VrfBrWd#O84);Uz#pP+nmS0=q~rnK`(oZ z-!e14*ay)Jq%VNB^x&9Uh#$VEYJMN4lvp38p%nu(#z}9X?tJB?om`w(vo*(TwaZ-i zt?+hTQAeA9V`?=>;Ljkm>lF}CzZ%hKcgB1cRa~E4FuO~AufZ3R$mq%ommr*VNAch2 ztFx?X7A~d);UwH0Pm_jTm_V<=`fr~n=wcU2&0!28s?TI^@4hdwtJD}jo^_miphiqo z*&o7;_NZln{?~Ja`_iFPHqXQgz-Pwh4W`kM{nBIS&IiRwXA<4l+`4~IjpZ_5kIbif|+?TZeGWeF3 zA&6N>YioIrBZ<<6?fKY^`Ozy1t-de;6_GLRAtL%pb z{2jD~8rtWb$WVzlK-)@jlW^^#YtHqHdR4)lG!g#lOUm^W3^^B2bs!w=#ut66ylyHsXlZ9PsHx{sLGm@?^VP@%C#&6UlwF!=fb&e04=N#J<;KJzq7nofF znS34{TX5iz9kgs6{3YLcBqV0U*9e+o8|%}$aFpH2KvLrQ{A@st%shlAuCL6T1y)p? z&{44;yep!ym&LvzSR93;wJ>O8WZ_``dYa`MlT+_ul*w9u;OCmCafo|%oxVQLo7(~P zuCn!*XIG*7{#S?L@>PdZ7!+-o&)`$fyH5eYq;z{L31Rv{P7TFF>%&+lIpVFSKFW*#2=c`z-?aEn(8B+)QIowF zdOtwf8H(+I1^QC*bJ{lKdrf`ZL@G*U(Jo5hc^!5jW6h^=M$R^(4$tu3nTzumgCw2Sm% zWrh!2HgBJhaaC@o9H zr@RUp3R*9ZZLlA8jcS8t3eCA!Ytuh`AE$04@ajHTD48qbusF4j?&w-AJQ#3ZMum$6 zUgO`nvo4JD?UX!lOuIk}gHh(3=D^0KxCGOdFe^M+4zuOfr%&Z0HAj#~H6Romn0yX# z;F&6MC!3xEJs9mbZ>q~0>$z`U(PfS8%^lFk=~r4#N=H-ifiV=3q6c%$4Q~!#%01~dy46oc z|CFKsH!I5k;RB@Ai*TNX5lb$5Gh|IDMY$ejay2wn4*Mu##f_*@KBg`yx#Nj}*PGKV z95AONf1N0B3%MQal%ihtXa(=$MaYerATFKI!jN2ZyGSb??pf5ElaW%2c9-@EiUn`B zfMZ%9Er$y7SG zp+Tq^gbj|AOxg@<0uZ_r3#d5I;I7?x|A_a+q*Ehr5pEhFt91=qC^3#{c&95PJArlI^5U)3h zKEYN97TAS?y~%0Z(LqQJ-}|E~;)$8imKAwSF}_cT*Z7KCOlbEVsgyVdqz=ivKmr>~ zY8OxYYwD`UNe7If2_AwMGyIrJRHlk;GQGtgMK%VNI~bg>jf%7$+~ptm+_Bbzx%at zL6W?(Gy1eJrp=eX2zo-=nNL{>e_c@e>(ddZfyHo{&M2MU3{~AM#JVj_;BGV-J0EXx zI4#ILLcqZ!=Uy|N6ISOHbk#rbhabMTM`=hp)rCVN=^!heGkV1Tubcul(-TZihLMqO zGWn;(g&rF2$C_&J_|><47lL~N-xBY-vf*=BNb=8rKB0>FUCf0!x=DY5kNkOHlPq%N z$5Z`Y5!V-FSaFVB6oCkqdN;n4*%7V=L3lD>COT!};K$Wc&pWqN~C{(U9k7v0kUI??9D+o%1)fpU+^`W_V3QtL4 z%>$R5?~07mRu)mV2VR#qT>tt}SubhWvXh;&GHt|+s|Zet?F??Jp{(yZLmV!|+0%=7 z|K!x{S*|i1$}FsFw|!QrqKdp@;P0mYxEg`5GgadM;5vfe0Z@6LJh`&yiZXw*M@-MM zOnDs<==d$GEotQ*M!xSDiVN*1ODIO3gk^JEO#PyfJ5sR`qExF#SLl^nZ#4i(qnA)S zpY!!LBVs?I`jEYD_o4LK&o zVF(dnILb?o$J*J_e@O7c_L;tIpswC3To*YY7Zc*Gv1kyGp_#W%( zB_=k#Del-la`$ZEN;sGEX}`9B`>YT@^}j0>U{;Y5{r)vprh*_IA8WDJV=?#&9zeSR(16k3dmCZ9pEK_oU%pfZ;#2(#7z{D+QI;~` zNZ;(%lG1~p&Kl{dmO-_98qs@y_ZfNEIW~%op~g(*AV;#}CxI!BX z(>tifL*E!#1KB&vJvN@74|24>{E8(YV4nfUgpACEjI%o361zbqG;`b!!-6rZzm{1G zSyOUNhqV&3hRSr}(}Uo3Yctnfeh-%g#G?9o!P;i({N&)m)nuE>xfQllPC;qB7N0Fk zUxF2+YzlJ8eklDWo}{NNY#Yj+4DP+rQ;z^8uYtnl8ud+VSuV66rHhod;9(FSB8OUV zT)z8D%CaPcl1`HKwU+u$>BsCOXr}HQDSdUx99yG$B1BF}K=Cwc|9$snDgZMaOX?C4 z?C5c@3?=qb2fe@J{AnJ57>;|Ntg9#V-Ex*PD%R%3lqG=i^>w`{jOhF#aBl_=Ks4_Y z8es9O;O+7s)TKh;Vs})Ek|zm5*Dt9d@BRI9?-dxsrzuDJ^>U^M+mo&SbBUKgTKo>F zq(rjP0^L>L4qi3oorl_!WDZi;;tN08a_Z)pu7N|H&jdD9Q~(NY+Nf6icqW#R>3h@7iygxB1o8cK5yaae)shzQ1yb3*w zvyhpB5bEqCX*DM!#c~rwu~2Vr!6bLWYsc;RYU)TbAKI?*Wl)_5rr*!`OkuSc9HNc+ z@@w7)j#icEZ;eQx4{;w`?%&^xVpFcI3jBHJNU50<9ze?j_y{zEKP!0I{TAEh`-k$h zY+_LPyWV2)zOH-~`Vj9xLs+A*Ulrm8?fKos4~jD|3;#hvTeA(EzkpB#wcSw5F8`vD zG(RrLH=J10&xr1TD|+~zjJf?OT!O5$lE4HSnFVovo>s>olE;Ep?^cs7#J!V1o1fc@ zs;%!!XE3S;uAzxNRS*MHnZ4oIW0`50>l(#^rSWbeLS{`k|2Jx@JXSJYULm>oIoLB) z|L5$$u|CSNdOrSDBbz|FdrrqQ_W(GmziM+<#7$3xkPh1yZrt@x5PU#3pM2AAZU{5N zl@%>_M1|X`ogRzl+mLM>3($Z;rzBJlGH@Lk-@#zBiM#&;N%bFsJB^#Ww}FuL0z1Q$ z&bv+#Tw}q(xhKZxi$b?qT+DO;2{pk2f*4s@ZaS~*U{Va57v8gppD&)d-pj@!1cgcQ zjTjn}?)SHLT+zl7%P<3Ux3qXVBk;S=oNAx$O7>k(`CCGlE8r>MS7vQ}i_S~k#fq?+ zLo;j&@6x5p*q7FOK2x7H?O?SsT8{eAO@wp(6pM!hzOw|ONi>}QbRq!XaGeLJiHY^Q z>@9;NdXKmcesLAgmhw~DOXs3=k)wBf1 z)Vmrdg0Bse=DRG<@&#O)yn~$%vA3taR~_HZG%Qr`<9F9;;YHer(%45VDRsVEz;NM-6XtOVq zWRm&b2a)#fC(Tp+I6c1KEZ-5U#QzK#rm)q~BL{p6~I^>7HfFgF=j6 zR~>o16_9`Tnka>GBpa7mz=s06v8di)9st<;Oh3t6Y@DnuBNv|) zmxZj#YEJ{1DxWuepVzGDVo3dzGW(ZJXBf;{8&(ex=cW*d2ObbDBoZS0bbDl;=9kck z0$k~C0UsWjCZOV?0-iH)>RWuBG5g^F>juERF2!;MsNYTJet(dV!sq%gp8X|@L{^p9 zgMRYBO3c!b)+1Y~XH+oU z;@?RFd{wl36bWxYRV)KHdshu>X}q;d`-*YzCquJPFEam6LgrX9|AW5&)`QS{=BT+i zTjqUjvoNJwC#KpfAc8fH`vV>J^(cmK1vD~`JRj_5!DOn(te{Kt?1!=sG=NtPZ4`3d zfipGP%n%l3#TNFu^)$5n6UL8E3QUs@Cr_XkWQ>Qu;XYt`Zh{w&9c{S+4ICoZbP2=U zXS+&K;-zplu@uO0Y&4kakLvb@WZ*BrWq~C3uqRA6SSM$*L}W*Wuzg@unWpvxvha9A zNE6!)(>U;$L%3RfC2lBV@44CM03!fyE?Up3|xID|Fu zGgWH5>7J~Qd#_CS>v)|7>|Oga(*M_w*91oJ9E#-ulsqW==TW7 z;VNe#_T`7+nW>r%Z~uVILH5C*3n}W>>75L@Q9F}=c7owsOd(q5#@47H&2WBqPhmRGPq=;e(7?`$aGe zTMrw+r=yBjzJvKOds_ z;2e6AlHFP{L5gm!{X{=^UQetNAn}Yr_*=%d75KU)kG)n-?w_6!^7VMI*20h$)Bo>b z=h79>tRH&KV7Y&kp;B_ZtjoX17ZuhuX+Fsr_nYyc3Q4WaU!q+c!09&(S9}V8^91r~ zKRCaNZp!Q`J)_B-r+6{Ul`jeS%6sOzgF&_^6S8ALwLkdS)DLc--a#MAz^PdZk%E0?#D)o9wTf>+ol>)OA0GayBd;TrS*z4afX}G3p zY}`)YEcmgY*%d`D7DeB^?danTY%uh8t6Yj#tOgD`&^8iFf@c(%lBP1w;lh6P%$_Wc z#$vIOPM+!;Fm2xDkt=5X+g9*QEJkQI-54ceLx=|)DuXgsmcpO9a7n`x+1uOnKzR1(FSG)^bnZ9z!36{e0%dQh z^wv@YS``d)cV=iRw&wXg(GO$T|9l++nvf7QR>rXY+H+<(`O6!Mx54ySBvzMy5TmXr zKV6rDOko#j)=Z;P?hlUn`m5kGMkG<4VHdS+Q%t!W;xx|FTe@pI#GBGEYi{ygxKLDE zXxWXGrw&ZJcNi|tzOs39ojHy-4_i!%rAuI_kT&{dTN(bU#-k%mGo55Z6$<(Hyb$+v zeiWZhYE%D(S-IU+G|ha`*x+-B!vJrBp^#tUyG27S?)LtvyL?GG71#gsi2!~0ZiMEy zdp@YoA$lT>9r0b@L0mU!>8*>p6>!{`reog4OMY!W6B9hnE>0D-FYyiUBn21g}e ze=2a7sdCnQMdfFpOkqmy>|Xpi1?)HGTCpj4rlYMPwset1wx^S5ibShy@bD0i%q@?( zUwTNm8Tb5c3Stv~_z969&CVBrUBlnwQl_@PGTrPw05pif4E{#c*pkW0pH@j)xwD`@ zTO;+aNd5gkDy{bttgfgY-1*w7#hKsAjMeasHhbXt>VZBSQE*yfc3?4PwMU_%4{VWo z5D-&k6r@~7?BVI+K*Zzco~@p1lnt?TuwP>iqeTn!@?!ssGiC$u=Dl_ttQka z%wu^Gyne_*V2ITf6dVXX$c^85KgxSU?BW+AUq>>t1VS=FaSp6keLlVMA*-m z-O9>P%NTEB=>~KJay|pZaYjVrzm@ubl?`kMF309&r{(-7oy|BJBd_&PnJem%+l(46 z06Ej}PEw0noKI76#M!oN`f0E{-$eB+-8qCP21v&0Y!tsU#4;Xf&0JOKcJy!&5f%Rm3b z|Mx~Px7vXDzY@R#4V1Fng+FTHDdtgjA6Qd{0)Wk8hE!E1H+)t<=fD&VqIz~NGL8m7 zK}d#l0k$*NU;Zoe|920}>}&!6b?AZ4SH9^{tvkLDZU6vURa!Y##lOXP#r?bg?=3w1Vu(E`hKVuN?RKr1JvebK)9>-5IDdI+K>6eY0Q$jA_&+5<1o!evQpnv!>5_r}R~qOq zSiQZE7@d!9ib8N3rvGjnFh9ZxBPZdJa8W4&ZIcAr);qCM++x0zwG252ngnz#KYifpz!}UMeZ$^0Cb;DWSa>@i;UOI5HXg= z_NA*a^;y^>I#HRvi${m-bVxZ=$tg1>Dfhwj9(_R(MLPP(3&jBdFj)ce*RPs4b| z!jMP8e4eQ%>z4Wsutibl9rCKP=GU1BLR^?nn$YG$Ew^9|issev9|T zTzVRUe#c?4j*SrkO!01dKK|Kt);FYp>q7VWQWytNL5T08GZWZsGWPqb1R&hHKgp?8 zHUpDKu6IH!N#U#NZcbHSX9VSfHYY+52Hk;yD00*9={91Lm<|@y<%V%N4A#V!?R$AS zVl3wfqMu;Ax3P!5;vinlggot*9leuseuMSke6I`)m80 z22=|Gz-?Wj96&-ZAZaHgiZPkv2=iw$oo8APo*y8)WKM#Z6F9o?&<5eoKy3o5bBReR ztDzP^oLCwB8Z5h^9suAU3vPM?A65!&`^z$12x^Xi`<(Z)w&ifYJ}6DC{VMy=sa+BO)oN zKez80Td(#F5@Dc+4Dt9)YCva4e4|(pZ}~FxQIr1(m~}i_9e~(Mi~yqvCt30G%d)Ws zOR}%fFWxo1qX0bC*A0yYaDR*qD7_gIZS4&csi-I!nU;8IyG@Yh|5H8;L#Q;EY zBH9z)lRZAPYiK@Y>fuq|UqroR$c;$ z_Iq)szkczD4A5p=IV?*QB&;jO(m^ zL<`m+;eU%+)FH@O*p!a%mc!e0ue9*$kU}frIc)m~Ccx3>Us8rSNpSlZhz0_N5?U|| zfNY;ZNOO&&mv{yHF4!9;Zn+&qhxo|O1O*ZR^v3gZRK>7EIMV0aM;IBJMI~?k_zn`~ zvns;3AGY>6q6H`treyHxm4}W5a(n^R05Yup8Jke@>kaM&H1<+ty*jIKqq+6N+PCO? zPsFny=3*lO=EK|F}9qbKsDu-ImS;_OQ^wXHbhb{Q0ImqOBhWP|E`9e|`FmDlvotRi{oJZbyDQfy)WHbKr_ZqtK?m zi!2eUt^C1H1=LX3)zBRMVe9aL#P^7wj(#k+{{*y4`Kk zWhG=iOuY`1W8%(>Cser1TjRc%yX7farjHE0@VnlBUyUTiQDXw z8Z0kn|MvDWtulP&_8YW>V{oA@89s_x*u?TRGpNJa-dw%#3h!e)gwLC+d5=t$Awl}l zSkd8lYB{?bNO|}bzRwv~$|H{Nh|yZE$4pmn41%#)&|B{IaPQ|hoJRY>l@rf!s_&Th znjzA&0b`*HBhAaNO4TYn{%3ZP&gZ(e8fmSR>fft(@1*%~^tE8f~EN zj_&ubwRoLZM|UU*K_Llc>lHtKX$4Mmanme>O+WXn1I714>GcEKfl;oKn5&N7DWTcB zQMb8i{JhVHDVxo=m<<>AFNenCiTSig>AHJ-VqlS+YGolzj-PV5R^sfPOX84AY*n+BpJ{OQpSZ)mqK_?Ip&Q}062AKhEl+G#ED$5f338Gh;QV6$}-xM3bN z&N)lGt`B6Tj3x5SYvP+-ziJfI?Z7}+UJswc9>SbgOu znJ^P{F)*~UJ%!&vd17E)iVNS;V?Cq-w))$2c)f&S7$N@K(%0gtw@Nx~8Dk{n^`|w% z7DoQBrDR8avK#vwuJO(^?!jHL6hvaH9r376fl~|FD3=KDUyhHt*Uyag)Xk(yDtwyB zLlSlnZA9*8T-syYx1t+A@jyCmm6)C=J>*Sol%pPJBsqWo$|90-6d7()RIVTm`luMn)6{jC!7!1Ed?0JDSiNrxaqhw>Dr7hGZQ*jlL-s3_3yMcsX%x=ZO z-`6bi=hVA)T?Lt-9S~Rk+vmtPJ)ER8xe-fa!q;d^Pb79YM!c`tAVlc22GwOFvVW0| zTURx_;kKP;y)@6V9SE7wBnL=#<}1cR(FOvGzGLwIQc7A>huf3isGF#6r22GzN#^nE zaUZMbMFK&YDX+ldOwH=Xx* zu0Qo%5Cu?V_NoOc5t=?vee%0aqDP0Ihkz;s;8?ipQT(N2>=76YbdPy(leD(^*<6i> z;g_HdYgMstOR)T?MW&E5BK0oljGf4y+1XE}@?uL?szaN$MzVziv!E1>{0FcMLmxhg7NQ51NH#JF z28|M0ll?eJKiF+wW=0!2st-JGI41dFb}NVlO0C0fvF` z0Y=jXkF7rpqm>)lF4+1(ja)L8(TgYc80X9k@+ejbt>z3-gk_nDC~na)*yTlNa4mRr zn7g@LM#zq)N)e4pt>Du%6U9uGq^ayDr>U_wwsJ`0HPqM0TTVX?o_VXXw6F7-h)ogt zO0Lkd5IUm*V*!nsdmh_O=h$QMCoMYwOq%d8QtByv#ohbNKEMuvY{kIfN{x2QKpfRF zo@gBkNC}>b%ZF7aY>T>sxIU7Oh;jYXp)xB9ZpisrdJU5VJy~W_yW(1|!j3V|PVKpZ zJL&0LV(_o!+2Q9c-=X*?GFW583(do%F6@h!WwIaOaRbn>aZSg@>;{E_*{Biwu4V9_rl_ZS=gDKFumVf2w=+Z@!=hT|dxNEQV?dS9^^su2w(;e045VDdy}*KTZ|jiJLf2hX0l!&Y}H(jm?22WjX}j3XRKqI|6e0;6Qv+g z$S*pDW!{Hzwa;B)s%usXaii>Y5GM&;+lXzskDJ*L=a%DPp7@uoCMA8Xo4>DSaEuKO z2K;rovfyQ%K0Q$GV4mH%y)k{677?m&@6eB47g#Zk?Ll&{p3b4AwloVqz| zl5o_7j;d@LS{!3UCc{36&YaU!QS`>J!Bx!fyednN-YhiDcws=QF8dj}FSm9rXtH`r z17vSBZBddz#~AZ_W!P&$-2=dBw&pjYLoZgK_&9Y-q5_qAOGYLcGO{8U1*Mtif%+t? zsU$2(gND@2WQ~i-tQG}4-Gc>E5%L~ruNA_Lv1A7I#T4!ZgYitub7=f3+WC(GXB%sv zX_=3tKV^BMd;^jcZsUDmGt0a8JI?sY-n6sjMx%J6QaI%IInPlgAax8td!uT00H}n= z%%gl3%gko|10xhLiJ@VZ{1(*)09ZCm8o3Hlig}-T%vElfeLkl)9AFD-fvF~#7Z<`H zpfax%rP}4>^Ji_T*Tq{s~N#Rk=%$8k>;ZC`|&fPlN;Hl)a3}nU&X=@0| zcoWk)%nh3%$44Wo6}*m-dQ+dHo2b7a{6dV7$|cxVM4hyrbilZYN*r1i?`R+)_vwj2 z=?gA23L1GYHmrY^JyOGS|uOrW$8)SDIP%x@# zzmm&2>3?EVIL5e%(t4mf>{7@_$adH45>*?`J+`M84U1&QHbx}A;RJ?>jgBy5hbh`h z!SQPCLXxeD;<4cCDqUwhHw9p05zD(8k~I{vRiA|%27M0%mei!{{*K)S9`B4?HZRdk zRaIxTMdz;C#L(`1U7rqo;!rS1)M~zd?@-}H3u#3kAy^JS?en3HrTr~fPgXFYRF{@6Sk>Jod0Gg z9v843=~}pLI40?B(EU4^Hy#V-#|R0GHvrPSo}ReA;NqQJIijn)tudV%KDyUr2gh%M zBTHiGi;!0cKDB(eOtIZOxC!e?&TODa)6f-UW}EKAJ$(^(SUb4cZzeZ(&K3HBYS?}* zCiu|^I-Hq804exG%C{x_6jMS?pJjrJOShNVJp@a~;kmz_VSvEkV=!G((qyw&v?j9w zUcPQNFR7|t1*d`YJ$C*SU9GB(9rM|Z`9W|VQJHS0 zpYiK$iwjd~eifZ(C+Q%wmStaiRwe9($#lPv$-wLQ)Xzk8P5i3vlY2Uj0cet(BA3#o z0!PUDig6YC&Zw=mlRU>;IQ7Tg^8Em7j)LtRFGD-RTcQB;pa(p$Q*Y%wy2uslOeOn} zBH4+y==-Tiy(8|(b6&>v%|ZvyqVLfNK|4nkC(nJmNCvT8pOEj+ZPTkZxuXrx;OC-K z()gpAFBgKAuMrK<;d~&iQ2i~sF*y9Ga@{5X0x7@eM44ow$}-=(K$<6B=?lakv*ijm zl(p1r2(z;VYDfhHPXK_Sg!}jXwt`BTY6Q^*X*$w)Vl9c!y*JK_S1+2i@9nlVv*nUA z+#KSQD~t{PbXv_^&r^{Z@fZe8xlsLYV{1w0Ohy1-fKf6E7dSs-BP@#px4=e?Axzn{ zo!EiOy`!GL1_pGwm4PUj4>q$@BZbNO{g*q~fh^l2dqsOK$CFQb4INM!=6OQyjYO1m z0-;I#9T#8WN8?`Dx{-|0Q@x%jX3EuzYgwyZs6|{{JlU?be1Q6qzcr0pFkgaOf?@UX z6@LmuRd(Sj5cti1>hGIUv8=+Yct4y9fHqCPZ3a>s!o2r-00gabKs|SEIDo zhraX)nDT9yh1%+ezfcm`yc*WK$p#>9jtM9B2WX==9t6h;d0TDznGi!uKOu9^!2P~5 ziB1iT+w%##B5lEMmEvyT5GfW(l56SWx#>ZX&7WO@kB*oRS_&7F{yOoFK+H&0cl8^u zs3B#mn9)w`vClPQ!YbN0dq%$OcAWsTFwf*PKKxS8#Zozl@OhZjt__TYshT`2`1o7Z zs`t?06+#&LbCvH!d+Se!47_*-^XQ(DI=G=UQc1MLEQVTZY%;v6Uw&yvx(c^x1An40 zqZHXG8Mlsa8k91jtF?DI@g3HR!{F;}V|IoQv_SZI12g~+wwUR`_4(+!ojHnloECEpdtuCrn^4;Z;TFc*2ek}Ifm=)tpy zoef<}k!W9@-i^1DCUL@eIP?!}1~i!YiG~JMhq#&S#NANJ8m5Ai&I2R`P@{9nU%KcQ zGt69Bl?U{~Rbvrjlt75?< zdc6bqbevjXM{j1-;alsOmQ$PA_9H@c7FuX7*ZOKR_$+%|8^Cs* zL#iQ`j+=w)2(MJF(UWTUv=wS6^Osim>URLNmmVd9?Pp=KpVv| zVKxQCEJQP1Bi^2~%Y=!4Mg*#3md&^wH3sBW z!dyojQQm0Y*m02tx4=i;#WtkGA(1Y$DFA>O6YN6ydu_1$AM(F4dSIU_hCpBZg#nBS zGpB-t4TRh-x}?}aQXFKQif+u9P~TIhuft7=2O{9d*vMHEF%h(d--g~wIE=dK!LxJC>1ZgU7fPJkZJN8l=A2Ka zX@@zwB4Juok8>+AQ`1wz{MIkLFaN`Wk#|=?Nx-a7XQ2cX z4FLYnuWNvpMBGxqO6^YE-vxa^4{`sToLbBEJ0o*rrXQF^Th$FooZfT}|FRG#9=O;` zE-CT%NaG&U%NF8+@}synSl{eeLr*@!BIpgXW)7rdzzT@-#>-@1pg~W_ElKux6 ztVZ*P&fu;t#YA!+o$@#B#0fqM*82F*UqIE~)N(jl3DRD~Qe!*;9Ks7I-`pUJn-M!) zJD44?US`uwNPihwChJo(rV*K9;G)*egirp&1BRZ|C-8e*I6_O@IhmFpbq4a2|L3<2 zj`U%&Yt8nfe)5)gM2fDK3F!n7*vtN&rtdB(__@}aJ!fL>LCdg44$;c zgXSj;mthW=M&&)Kwu$;+lLCSg67{Z@qZ?}H1o*qgAF|7Lfc^opw!NjXmvFJd^|l-m zuICdB3>VuOoi*>hH)Vc!5igdIq>z6wM%lYQKCO^XbUhtjXl4Ka000014*s=(D@GPv zTMWiP=m2ye4PGFn0>N;vo!*)JF!x;azZ(Wbc!D~N`8aFh@!oo?4#n@-s-u>#5NobJ z1K+z4Y*ZUq3d7ed6#^NL|FBK@fVR(Hc?30^cVRFJwOstS7MEot3`#)(ymy;$uJ14d z2N5b7-T)1j=p{PmXX2zaoeN(ObeD}QGM?LE)JEDwq9xYPX}b}^n+v$1k)Tl#dPkwH zSTc`y*ljiI6BwmC2`lU8z|lW2N06yTb?F)`2^ zWR?M4TxEX%$~}2@^O7Mn&2$jugqm~|ATr`H$M%f2^Tn4+4sfh4<=DxHno~UB-(`;W z4aZ`of7t8ZiL0E?Xt|TbnLJ#4?cV9XqW$$IHx~q*#f$1PgI$-5fue^x9GYnn0i-ZE z>x*}W@Z2mF*gWfm5YEP_m>xxUPtd*35J@IJEu_#6o)~u$DEMIHys;GX>tH9QtF!|d z(Cn@O>21xfc-h$xr7+muWM&QH?0006TV9SxW$<}z{Jw^G%wVwo=daO=Zs&{Jqd6W!q&EvE6 z3ZaOY#GJ(@Jc+LT=`v`mCcT$O1`MoMywpdHgY8*xVE-vvHp22xCfC3-tPvt$FlN@)Xs8_duaFl3)1J}C{9eMFIUPAMy_^~V{UfvU? zAf3YrFwgm-R|(EKlEK2|4w|I~Z%xK)4c2_ZhQV|PY;kS#fB|{n000L! zSZ!DzZ9kBrpafPKZ};*I`C7UWouo+EGv?t?A@i(mo&0j>CFxRvQ-mR51dZiUZS4C6 z=^)4ea^67%QKiDa@!6@cQQ2)+I_)4YfwuuD*f0vpplw=Afb!JhhMN~oWu*FxYTHjD z--=TDG&HvK19;2QAwHPYax_IX1Sonsj4<2DNZ+}hc}7Wo*FZknhj-5T5NF&SI!TuF z0?{^5ohIcd6d6|S&)9%n`lb*Lh#ibI19EH+e;=-Qu}Ghk-j>re7xU}Q5Pwd1xovW|CBA$A-&9q|>qB3TuKTSUz zAbYru77#mGAwH$G8AL=RxdjA7SU6&(0j9};#e?fPOpPs?atlqFgdgiR+PFz;Xv#L- zf9k~g9jFr<_Gka5x~p>`F1{ms1-Fivv0)AF5__V-#-5+B93=rZxxP~BMF12!$aHxs z=)Rq~>g0a6004avttw>Ck|!NS4PrOIPnC+Su7e)|;+WS&KmZkB--iQu0^VksV62jC zWU|d9x^>~Ezyuxz3~&aGu)LSZ>;Ny4Uy-B%EemV|JW&$3<`?#tn#<~VStm59TLI1K zNk9M|bHE`IF#G@}5;_o&=H%jp`y!r?CwX0Nv*2B^YnDGOeUMA|TiSH2;JQ z$!m&qWqFz|bgK{1FQ6V{3kT!qa>ACfaKxAO>N{Rn^6JM(EWGEioTR{WRZ08fH0UEB zd66qX5%~OMVv$owHNZ*jVGnkFU67Sa{&Yu7X>o?e`D5##l7>ZJ;)rZJa33L8q$SV^8 z5>ILSO~yFW))c(xlLO9hPqVd~kXgEHHv4<3S3P@{KF0r9^RmF#CW}wNVOx=Oe6`0H zxYp*_oX#mq>IAB_@Fz{y(xG)*&T=tgO_9cIgs+zss37+ORt~Q%tOhpQvAbrh9u@Gz zikPp_@&wHNN@9?<8taQZN3e202CorE)2hQ(I3GrHwh1#+B(C_*9^Zy8zLS^+o)q@5 z50y~{zu|*?w>^5g^9p%+so-wx&A^@V6^FZA{qLW^-sI!=uvWUcutBMlp=IJBBr~k$ z;kUOhf6BqeS2i?4bowo*20HJ(UF3@vj(k8itHP3^9eZ*pVU~*mY6L5dxfql|wy0mi zxNH`?5J)N={c=F1h-SQWP$QS=n=KE_eU#&qqaT-Z%ifN;td()+SYMh{k0D1`7- zzt>l6(6*~9z+J`9SIYp_#vri_cmVW8@{LvGH$jweOc3;K#7RTn0O+Xb>emL5{x||w zPtd!0+L)_2>RYd@Y2& zpX!{%c4t^Jd%#Z-AI~?gTptb6kS^BV7J3}<1HmY{NZP7+V{?u_fGjy4e%KrAyme5$CH`sOIO*FX`RCqSg5{dZ(el9g?rDf9ChI6vsjDC1 zgQxI1UlYjCO=ZZ)f=79TFAmoPwK5i94cz*x@000a3xLd--)OUvtX&%rj zta2%qEy_oX0d0WkeM;b53`AT?(iZV!r)e%oP?y80NIW1!eul31;j8@?*^yQol4yJi zA|Fz27kWo01Ctj3h2+{p$xEcF*QyJ3D`D!ua*4$ikY0M(xpr3shInjxS0$ekiFvs2P@`Wo5t>Ye<*{;e#?+~+4YpI* zaXm;$mHZPFlspJ?&$MA()f(Gt05!-BYm%r+UN8aOg3NAiH|?+9T&Ecl^=XW}z1;y`}?6qX)d zJYiJk2u>e%`rG7lz1rpPrxps$UCJzt*uc^A!VGT7>08V~ETVJiavkuO|FP1W#vL@l zANuVF2XBN?U()`BkZt#MrI#>&I2oBn09qu9Vo(M1)XjjF3XZhJXa3b(af#m)^Tjwk zoVo0=Z;%q#NI%pjR-yPXLF_8bPewMpRT5o!_Kp78E)ko)%QlfVVgLJCclW8sAQ60p zOR9z;l+RVSH{WkBQ~jlmP}yGx_|%9Rh4#dw-mDF1x*g_w2{uhwLu1CS!`8~x;ay2# z3k{0k$}JI<9POtAB0N%K$d~PE3_+B26yD3DgV1tdDp=&OFaQ7m0000009O$fZG-_s zCXRawpq2YVBv?|%SkeFp>f@-hR543K_tZ~?JHcGeibo8MV<*CJvwtFUG4-?FeB*-~ zBSrkeJTv1&pf+H}_p@)(&W&b&z98qA!bk|sF)$^JNh$mloiPAOH+(E{LMSJqZsPL@ zHCg_vc-!=TT($Y-AI&7BFj2^9V__^88Fy8)TPxkj_3q83?;9haQmj2l)an4zdBMw4^AsN^v#|5aEz zqS@sYhjE!iu(UInV*+`gEIbl_?%XP5R7ovZrEpg1?a-%$m%(E((pIY;5&L~Lu`BvC z7&d&lLV;I(;w(34n*x+Yr9*zi0||31h_3E;kwb76q}kZ(Qh&ocn-HV$$to|ig(msZ z5lXb>wE(mjrkV&2#K@&!Sv~ZlFKGGY(E(1iUHV%LScV)sFH2z=Pg+OV^-PdB{ZE=6 z4@F2T$I5i?ee%@glTjdxpUy-{F4^uh0z{9)RV)%iFO#(dcZs+`t$e5`eyno=PlY zF_iCmD#x9;ycqXr*^t6$c!SBg+f0Kl8@AFx%vCmhKfFA^f!F128CAI&sJS6uRgwnf zs;u!1Sp1R05ItcR{5tuAJ4}ahS^|%kqb%0&KxzZRzqZRLSUdEkVT39aGLneq zcq=ZEv~nsTfOTY7=8ANM%wQ)ewHhf5?4F4JrLkVZ?t?D%gh7H-p(oTNGng)io+Xce zn~ZWz0clCP1Z#H%q0MtIdos%9nE+h(2D(T1uQs$Hyv++)>ox=TcGmuY{$iW!eQ!iS zDWB9-%tWFkwBc)M>huuU=u{sl9C!?%CGxJZFDHDzHiv3uXF_97nWliBCS(Z0Y9$3D zUxjA$MYlrkxDm=t$z3(CJ?FOL;o$9W1;t|MUo9(@LNUmdLyZ+@A9Jef=K+`9uu!rm z9#K^l+1P(gRWn+;FL=IwMMF(%B|YdrAh-tVo&Qic{Bj{_P|zWNn&><2OpQ~DG+1nm z_cxJ8)xQQPjhjD1I*?BLHKey?ivPy%!Cs%M`+=YBS~R>kh0o*mkBGCv&k`JZ-9zYO zrUk?8{Q)GbUu?)3Oh)v!gzz8AK#wMKW)oyCq|!I2vF?%B^Y?@F8mtFBRjCg_^~zp5 z8(`vxwIS8%O#TE5q&eoFc_^0;qf!ez_pThuQ~&?~0y?-z08lIeRv=}PfeTv;Z4^(7 zVzf>YaMakIpjj_X9Q}_{@*dFpfUM!4s6YKC8_=K+tu^Ss(%YIXHAi+*C!1!MuB~;}FTp5*;BIp16k#?>&wp1u> z6o)08VmyZT1e0%+mf3$D@*0T`vMb*pSP;^amAM2f@*PrQyS?fZB2gLORa!8?5)wtD4Py0+sLSry0@4OXpPkFw5EIC{@Our_C1?oQov*5tPDWXMyuQe_ zM?QH@<+T26x@?oEaJX%IPfSWBi9T04zs1)kfO__72Sfnb;#*qJ-9^i&TFUBt^HeGG zIYNBXyhd0wb|=t%nxkFW^~~Sff@k4}iMRE)H&U3i^2XX^PHw#fj!V{>#8nFoib~L< zo7=oB?KJ^OC#5{WXlumkRwt=fI_qO!%-BJ$0{rY+%`JVw|D$XsN^9yOZAX z`l$rhBl>o8k&oa20000003e(4O40&aKE`rm1Lbq^TdJgy?hqjK2gYb6y&%8}${Qkq zc|fZKSXufU{kvnsFyny$G8x(`=>m;q8wz45Yc=Fo02;1sMUWy^;1nOHH`6a!zJCYZ z8s#*7cup8AnOM<*sKm%ZYJluq@1)N?xAn7OG>YD6JQ4c{Y`G^f>?dMu6bQg7zL_vn zE+#$dcA&y0;?;pcY@c)}dUv7-6P^K^_nI`!J!B}x3Vc3X88PRkl>1OeLhWw)!{e6& zZlF+g_Q(=t3ta~$Fgru^?YEgMozJ7kD{LY-0B8o}ToCW7e6WzI^;jqYFahqgNoQ(lfD(j)dYxW=$494I`fu+1b zOC3vPd({H`R(q8F_nSIckI2 zTb&SX9RlJ}7uHML&tG^$vNkL)R7K`J$lt zLi%)?zf{t8=yDvIO)3n^*}xlb(O)86NJ_A_V4c9`54dC@?q*ca{IzF{v=UZkhd2NL z26xVjp8yK611B67wDNG3Km%Zp10p<9WWwtsh=A>D(^u}q+Moac0GygR0_KhcuZ1u9pQY`uqX~EDy#aua;gBs178Et#Cw}r%5>f5imL4y+dATF-h-MOY}C* znlBRrx@;9Tl?33~F!1|F0YCMWDJgRZAW$0^O0Td-=poOKC$Cl~&TVEyYdl2jMlO1u z_G<@2Hs`v)m%R1=wP2=7GB)!I+2UNZa(KB})QBfBct5jwvL&LFa9uMu# z(zjDkK7kxjvd*5fCx3)LuF0mKQKTCji z)_Hf%Eu-C9X(;Yrzx35l7_k7l!z|)f5jv;IsbRz8OX+TDy5^b^E-Rjhvc1G0pv+fc zV#k~(G9CSz(cdfu5`YUQ>`&M5EBWB%mICsWkuNQ;0S58G&NhK3k! zRaV@~xA+A%^e)z#QFCJlTk9f*(RwqiVB!InfI{Ntn!&<7bJb!Q8-?V$j-sGLG4BjQ zPe{xF-^hVb01kz{YAUx+t}Z{w0qe8JG?8X{;GD*QYSmEqf65UNSe%474y$36j~`dXi`8@IS1r&mMybjTLgU zv-+r3sE;v-M>ES0R<13E0Ka;JCj<{fdARu1tw!$h!iTc;cDf_Fs$Q8Qq6)W-xGN{#Q8W;F;#pfdG zaZEq6riobN8CK9@X@$-t)0d%iq9;aySi0F7sE5)P6n+;>b^5UMzEsk(P+N2 z8NzEpCg7pL!bL#cu>iqJfATaOmtDC2_?kOa(Qhd3N3yy%q*Fd(EX?Q>iUS~o@tl8o zOFS=mMN978nS}{sR~MXhdF;wnk?qyB9FJ)=Sqpqz1yDf52pMOfDhtzx(nrJ;8t>UOx>OUY%QNanpf9LXYJMj(564c6aX1g6SZn7{fpIOmdkdNIDo z%X7l(0fNzo>=PS6&s|w!dEW2(FaUe%bzRA4d@-r(CE$*AX;`L%RDPoBxal-Vfj->( zepONU+{)NMl_?OKTaPwxGdTlnBH@+4-IC|vCCxYdIfaUCk2=#Gagel%zS9A%E@w}C zZ!Eb4uzfYIic17}%e_#4bh?5ca%Mn~ze3HxlNL;LBmq_C$ljs2g&8E=Hm7Z;WU9=6 zga4ZEx!*QI%+oE1_;BOL%wRemR2nA*vKDdN{+TK(n%YBld5;d3+_e0y<3C`ig z^x?d_66<{{MF$^RdP8|oje*Rsd*)muZIQ62-sV`a|QO;$KHZQp{8gZ~dQvHeUey!som9yjyF_r+*rf7H^19svf3^sQvQPC>+)a5DQBt2>d}2isLdY&p57e z1MCt}V=KznL*Z~;c;#!UEFV!13jCdOw1~hG#AadG+-UMjsYyD#2&qj{Rs(U@4g0Kh zIl^@>u%+#+o&uU;R|Vz~h%vRyJFd?}qa!RGQOd5i$bgVWrHO*Wu?z%zI$PKMu9@Hjh(UW1h_~4^_S1`J=H3N zJm`JCLMUX0ftBQTJu5t%@*}*!(1CG32JGk=Pb}gDKSt(hm$B>jZ_>t(xJRY_B12x=*1*~Y z@53<@S19AR^*Qf_pK^3>t%vOn=Y#R@BHu}p(H_h%DZieFfZ8M@9fJ?dWA_u+Vsuvg_mz0VP)F5{0ofKeO!WI5JR8R&g;Uzdg*O}qukrr5XI_B^)|K991A zOhSi(0xCs19J9N3LJCZk{?J=@oAJXqcUX0#u&9s4*h-Lsyvuos;NpcO1P-S7#?3EL zle}NovD2$S(j=^kI`0jMLVyyFME;y<-6*duj?)v?>S16d0L&jwk@U})vp9|`B5824$cT@0Jl?wtmEv?n)ftTp${D zlO%uzvJP>tD}in z=<~ntUB}kHB@5t%B>n5XhbaL-H|`!v00@Fx9`#sr)4$8W_G(8`J=K3d{EQ z?rB`Sn8KoaPEPZ5W2uJ)cz<`5(WNTW;G*9^@p7}??2}&P2weRagNYK0XFcCNo74sh z{QyZSvyVT!k5`D4sq-z9TeAG|!H!ud@q3lVwr=uJUh_bh6;6NxeC0FH|H(h#EoXRB z2rw)@F4=asA%SGonbs>!(OA(<&$jcb*!hu|BH+w|bLOId92zWFG4nLlqO}gXo5M3_ zTlNP9kMd26DunIPTW+FynF!%aWwJ`FG-3i@#wT_@oW?*}VBizI1T+D8l{H5!PBFi+ zALAFRYl!`=Vym|U;Dg?O)`^%*h85R*EcEa)ygEQ6mS*+p3)g+v&P$3T`|7$sI_M<$ z%7K|c+?TF0YUREM!!mu#di?VQQByic00E!;3}0>mK*rXPz>j;d9<)%tKnVuL4KeQI zvtKnQ$fH!cG2Dy^zW)2O=fKH{u^z5a>DW9+$TqZz!}GVgzV#XlTY4Qp8^jG{@8IGg zGx3cAHv!mh>>y#P@Y_d0QB%lWg17Xb@Zs?|)cgU(Onvz;>EO6MET z7onFx?{}t;Synl25DrMgl;0@CBS7XoZ&^Q4>ag) z4~EYW6J%B_FDB=Q=zt%Ca$?U~?}#Axu@=6HMMnQSv+M#6+{oLE1K1PAK3f)<7= z%g-N7oR3rJP2Y#8vOoX}T~tPq*1AeZO6g!@2x$)_1~&i^{AC4F+f03VKKEgl zYTyxRZP|{i|EcEz!`)ZhWI-Tp;UeCm9_{r|CuKay-z*zm&;;)=xxHdu?|P(|n5A2U zvu5G|j=o=CU;P<*#jD!aV}~;ZSai55h_N73kXWW;Db+PaJUF%8QYnTw+|aHhWl0ZQ zFB_J`zkg|FSnWVrU*a=2GCY&~lJ+LtY0Z)EWd zpd*jpg9!G?6Km3!2qXosIZW{fg|Jm+w=9>H%upffhi76HO4fC;-)gYCpq@Wn{1rGr zKB&?@8>Wbhu{Ki5-4Jr;-e&Mpmbm@*8NGc^HhXiQ9SMV=utq*M&2oh%79X`vI5I-) zpI8UdJiO}ErWY7a*4<#8l{3IWTV?Lcf2u{@*xt+i+&?Mj?jpJbm_S69;9?Wk2EFo9 zbIY5chFE7bz*IXZ0y1!gNN6u}IgYxOt&gRQ(M{AD*vg&e{opVw&9r+qlkM0cW+(I` z-N}kg9|XvzVshQiT}I3lCqnJ52@(+alj}w#U&l;LVz3-Vs>gX8r+6ks2f7sS;uf_{ zR5mSQpsR|62Ng6(P zyFu&gWD!8EXbNH;$S*%~hoX4mWFqyn8&euKmT-etlYT%rY__cu9(6IGC7>30Mq}Fs zu2o0*FRui6T!nck+sq}5ng291{VH00{Pu?!z|C~ic5RmcIe2YFysy*i3$;^x=yZ=< z945shklnMZCeUknoasah5y8i=jwv7j3p54C9nuaJI3o2<=O_W+KPOXiM*6cZl!wg< zfFP?>_E#1aXzaySAZKlNIh>Uybne%xKg3dJK(U^KRTnWSwkF*a!>9AMU8d5}&mey?&LYCHMeo3;v)~qD-s-_rX89fs z{w&FsD$L#5TPV0AxQ-4A|89l&if9rje?>2pDPq;n##dS+VFet203Ok@=r!tXfxwP3 zY`1$9+Y|OAFVg+gSxU(yRYaxDJ-ZXbV~^_LFs+s~+_Rovy*aESW<@mzVns1ud9RGU zO_zML4?9loj?Ls>)+{owxB;MVku+mG2!p^BQ_gb-6^`pw20uXJD^jTLG_rBe9c|(P z6uZmMJ0D(CEt0cp?lc>xT?0ND6vPF*FFTKY{}G>kX*&z+mxn%&Fv<+vQ~?{WQ=o#} zHNu2vddQw5MR?K{w1L#P#)PO(xYO5UK3fyV;!5AI-$f(wW!|J5%qgN(5RBBH5m z_|D-drPd3TEsLKWlq;<$cIi3vDju;uoSaX?n_EU*Js>8!O;zu*yJLX;SqWtX^-u^p5$$H!4fH@Gn~ z_x@pH|Lm2F1tj|7zT$r0N&$7TAIz?C#`e-!=?os!)9=$G(Hk;O;0W5iT; zD0JlqGHXfdGM$R$H>9p}Cb3_|^qL^M=ezZ6SM-v7n8m-vnjo-+o* zSk;jI1VrD?X#quN4wa-po{r_m_gB(=Jb3eJACiF>e)|8a&03wKJW&ZAhi%9i`aSu= zJMLC=Ct4L}5S}1MW}GYqT-bvO^|AUxbAeZqN~eAu@w)aHl+i5cVWz(#!VEyY~7Zko{X+a!}=RkEWxEJhk*!02Bu4lOmY=@(okkqDc zC;UTGrQ7nUNkERy>DVwN?-eDC)6MnwfJG6e;j|YVD`l zq_*dAMaF@7TL!uKbQ=h5A}!J!1tBWv{X0VfH#|Gf zFKN;wpxICG9_W=#P=AuDRrY~T3lie?MN6zfvRB}iGzmiN8oLe0maXTyX;f=|=);6@ zAl4&eks8Dxnbo~bM4fhtpB03#vBux~Zb(4W$>$Lhhdcsa6=s_FJ4U} zoXT_SXPsR7CE4>$>VBIyYDNFg?Y`PGDeHNaR zugsr3mSSg{9dpNi_oQ-A&m=+_pA?JDMxES4arTcu-xFO;&Q1=%y|Qe`Tgm`uW;XXxggqA-`ZoJutq#$K{F0ItMvv5)<|r zFeY`?!;kI!brs>A@Yb~HXsMP^^4et@MvG%2p^MA(WqYN@ePbU%m&{oWng;)@jjS>i z)QT3aRr!@Bdtzjk9p0}--&(ph??Fe+hA`{}7xS`dEVs;RSyB%Au4%(JCABv&N%Q!y z3eoNYPAM6=QV*tqg6Z@MAZ3O|RH{dedRj|I zhF!o@zq*stxffn8ghq^&6DL+yBs1so0m(QB4+Qhr(wvmDaXAsZmt>Nu!&E zfi_oYy308;yIk&}W9(n}-S)9|Wiy5iY{hB^PyUe zhUPhG0|zpc$LEO{9IMuU>l@9S^P)ME4BVnBRtQdKM{Y^6 zBZATI=aTJ3!>}7c0cCE~Oa|2>OprC;agjj8Smk1UWe|v?0~c zV%!RKP@W@LnkAy|TUJ}&l_`~*kK8HrtAPa1KBQx zvFU#4`|iO4G(FL^r2usbm8i5~jPQ`dFT?5k2Pu#AwXDuUA)BM_PzRmV->?jlLWGaR z{dc}B!N#zVsOmDDVV@CC$3EA<7A+F{fm5|O=RqHtXW4&Sx1iOq38_(hk-WtiX7D zPN4TNmjYIUfav|1v*a8)=N}JS(SPmCQ*#%b2+rfqF$Yw*1j=%I>ufZpv=# z%D_HzY+@mU_E#MI!MxZMy!tpL2~a|+s{_7g!72~APmksH#nTpLgihvR@EF+kZx-j^ zQ-6=*WkC7T+O`KwNwzR3w1;p2vwySN5XcC!da#lOX! z`H)e=JTD*Kt=c#76V0fCXH;%Hm^y4PBZw(=>Ch(T+p0_d&;)6wI12v;Rj?JH9LouO zobg#UDOHO0-p%tY4zIT3r-b%AB}NKreeKZ_?nd^wOjPnV+*ddvPqLEvh6StHSVz9) zaw1zGX7rv5pEEKW5|nA-mfAE*dF&O4Nlb{)Sj0ixc_}mQmG}I_5k;4uj0B3o=q1I` z>ogXx3Pg~cAUOUrg&R=mhnYl_;-CO@PbLY!IR=Fo?htr>#izm}(DhU*Y!rj$flW%Y z^*6Bsq@16_QR8p;j*g3r(+U56a@Z85$&hY8`mQw-4=kD%yt88pdHHojd0tsC4>Jox z1In!@33rmEGh+9PcX~6GmO|P(#J~@8iAVzWt!$0aai?=FyF3cMh*KpnX%vjDD|!o8 zLby^56Vw;ztrXu223{zf>TNj^wr9|}*H?ROYF6}T`q=G=r!m}5QKQRzz$!hi1oMoUs2uSucO&$`78>s`z9Sov(>!(cOyR#NJLdY*)fOh=-IR(D^KRW^ z@RB1{UqEeboX^r^NLK+0*46t5dmEomeAv0I>0cU6Gegk&KxDPrs$We5`9e5 zStum2<4^Jp2BaXL0lJtZh;f1Qtr`@|Z*t+a96A$udBxtZ)AY=U^w|SqT4O(o3(vU* zhjIzTwti~ky5nzbHt8jy20nVDR4d{Mkv*om3FPbz67A&!hSCHuN9@)^p=RyMH#b&Cz-xBeXi z$*!@8{vQ2gbJaCYl9BxAHF=HuU_=Bwg55S);pYz+id#gs8(VHK0^@sG0BmdkG!%Au zIv^g`CrThU{Hg`KZnkNpU^^^i11E_hx6$6)v~G(O?2ny#KfdKD7H;xHb}S4op!7OM zdnf+zhUTfxf)IhS*C9eFrrGhnrc5?F_U&~9$s8=xiV9=V=WYwDL;q(T+no3_Q{P0w zcb7BTJ`V@>cbRE+q(>9vBUk4Lyr>Q`n=u0Fu+Y5#WawlF$GELEbGQydGkO(axk{)9 zAPP7QG_8*_n<*a$NgO4sXh;t>Hm8P zm6v;iKH%)whw@U64P9+knadh350CPPb)f z6}lAXh`2!Mjh5@rwrI;!G16l5RnEkfg*U~J4aboUwup`h1svFmd*;tgBqqzo*Xi_L z>zhYnk;Xo^p{>z`mq;QbugA~=*fPu-Aw`8?`g4|9%;T5wQ#Jqq2eZvH0<|Ys;W|ld zOB1n!PswKM2oS1prh428DM!cB&S_?W*{t4jDzPuuzzP^4Sqg=su@Ft)X%BAE_ojAy zBgb+Sgq`u<`7=qL#q^?;c8k3=AsYeN*`?=c|=f8uEahEPzEk`A3T0iHGb)Q;(3W7Y%_GuPyID z;#(NH5tK+LEMsY@Q_aazEzp|4f>Fx5)G`53j`bgQxMPVe_dA<%Y!uLxmkYI)sx3EN z*J<+silOBQrm&gP3EFjjxlaqiA7$)QtA3PL<9I(-SkZ&Y{FanxO%|?9W@@t1V5G@M z9rbz5QH{Wnv;@>QjsZpz9j0Cps4}`!Jf+#VkQ0i37SLz`3D9Fq966)_r@`IuX+IEy zsW`H9BeNa5mhk90OV6PW$vGwGoq<^y99^FsiM3rR*U{)q>I64c63D*aSKFW;0-uq- z6F`lBy~$bUmSc>GzgTJFjt9gm;peJtQ)A+NtwA)md`32ulM~*GKs)bZx-Q!s#&QEA<2r(7(TB;j-2+ zg41r2R!*7ig%6NxR50%Y9(ZCM84qV8|4z-vnkS&aK;&x+c~0ySgBf-P_evGg^cp0Z zGS#`r5h`MQlS=DaT^zF>0`h@A6{dzWs&i;05wS;}Nx}~qNmIdR^AU|PNLWZrpg9d- z-*|dE+!Pq%CT0cIK)jub77KBxwgBvW9@F@n04ql>Oz2ib|FCt8)Fjq_;x)Zw+C*14 z;1rArqIexDEayDWmGza<)6_jP{;8H=i29N&U`pZ=H6yy+K}<{%JfG{(#ceRF64l^l z-4gHPgq5zwz}<7`A^eIshMDYs2XmC|pUl22u`P_F*Ny=yVx>!s2r-x+;fTVAepB{) z8CH!)UEh&fX}<;3RNsK!cC7FqmL!(RMxKPLEAXP*Q4jyFzT^qV5JXES1jkY z_lv&fVBg`q)X5quF@NsJBco%tXfh6aJ4$Qcr?^bpp{y%5tncSQ3n@+w%}g8!UScX` zy!0#MObH1V<;+CNz8*g?jrq(K|NXjS(_RW_oVH?4O1bXJ3uN1X~x5i5w z>j>$uO>pEi8f9aM2qQ_cm43+p!5VmTWivbONTbxW9UD2KP<^b_|kKyrB;)ZIF4S+ zG%v39$>skGH0*O~>fio^4xhF;SYna?5^hz}*;(ey=Zh|ym>yLB<|b^@g!`fqX#?x8KGrXCbn=h~xrW$Fkdkhkt9OM*y7UusJ}%ej09zR@qH; ztwSZbH#bH~z98tN3pYrYi*^Uqg}3l=2p|w{63&zR%~{_hY%pCf&uB`^KQ))~ zI;xz_Lv8J}{mkHCzIq&5al0|V@$%?Dk07ZxZ*U_;wKw8{JwZ;cb8cC9ZNmJbdoUt) zYa{BodAZ5K?qGPg$$OCq)PzSG$;x#*Kh}`tV8RYWw!G}3=g0>L^Eo=X%l2Yq7T)Cu zg7f(lhCI8>>sSq#i~?s%?I`mB+kjc>_mo?43CquQe_0)r^4m8B0r|8jbKwsGY>rgl zHeOzb6yeEuDAacNSim{5Zae7WIP&18ocg6Mpq2 zcbq&*aEc9mV)mwS($J%B<5EDj5y$`!*=&e0@^|rC3aywh#8rtqTb@md+b9)YAk0QS z9TK|Bc%1t~)rLX?@!5y%G0{6wN_VPElo|D?Lyf=6hbdPz^7xg;0avV&!nlWENGZOh z^huxOOgmt@ZT@E(3xT1aB#`PmZ)H1QbWb=4QRWZppFhDiZAGWFXu$~~d&wz5RACh{Bu=YA89 zIX+>|4^#JhGnL5dW3V)!vqYe4wcPo0%=b=i!N=Ic*ghO!_f|^Y)ZLmNi{>vA7#^Vu z!dQIX@t(Gt|6RC5T~Nq7ZUWAvwjFwolG*I|SLM-iEm+uC3|wP{5L~9PQ_FCJ)GK@M zdIl-HJm0Ddpvgi7$1pSBoX8~I%{!#h0KZN%Xmi`BQ>DWW_4Hb{-i^-dtL$EbvQm_f zNS6uCQwK;_!kc}|Y?JZbSt1Vs-;N`vaLX2iuKz`f?hsrXMc_QI(YDa%*ZqMWj!F&o z6Q9qEEuc(i#&@Wo+EA5F;c)S#s_t``$RO5MjlT(Q2cy;I)8-&rDqA$@necD@Mo=rCTz+#|u!p{Gt+du#|!-NncNYF-9^wn8_ zC2PPa`jmo18a8ssPbHxx!CKlER>iHkwn#)_WpM;{tbSek17S0@UNY|nuE`lJ2GAa< z{H6zKDLI+0)SXqYO8Y!>D-mz$%EebA(B?O1B*_nQ{McAfNOtA_X^#^Ydu<6~XIEjPh>IuuSJ(B`{7xrVw;%!jIXiSfo4C7iTpJjLIG zsUe|k;KoYUX@oVLRFQ9Bx75h3=>cq(?#!Ob&7FS<)+6rgUL+-@VPe_UEuD;sS5=l|CO> zouA%{aM-ZSpo%;e+1rRCq@$e=;;PaY!g3CmFQS;+X%>omJ&%R#D|&6Fq0Gk=YP1{o z>0J4*Hk&6_7#V;53BwaNeI~Wc5;vBah4O9p5LU`&cs>yVLnZFVTmuaiVW=Qb&biDr zPoUv<0rZ=sXsc*i0I7{MRqO(cXF@U2zcRx*5vs^Ez4;ipUZU{Pb{;LK6Z_^+3zNWM zLKYslR0b4%V%X5Yx}lmSm+BmbO(Vt5$s%JTW7&VI4?tp`i77ybJsh7jPq1rg`xO;V zdfux~x6I63J)MzIds!yw<6_4tmk(oJud$wZ1ax_q#N4tn;|U9fBtmf9w2O81<=89a zUk7bjbstRy+GJ z7NSe3We&z~u|=ktEf5)GJBi83$Kuk_f(N> zptiNzg+D4SUc}!~Gwfev+*{iZg#qhIyZ+0m?}9{qdM^&YN*{@BM+PK^-AX|rlKuFu z?*4-NMH7nSCCL++a}eMK^3W}biuXmEC(^%(_?ciT(&?~^Y#HK;$wwmXgZv7}SxQWR zgcItcWy<7^aslZcjJ-ArXw4d5c=>+6AC=rl^)Zp%@wUErh*OEBxtc{Up_1cN&IBg~ z&0&|;O?9^rHXJ#bSPg5|sdaFO)UtltwBKu}A-JFQ*Kut)9$cc)sek|)v9vOLp;dg- zKAC_EEq!y`J&#XuBQ%OAxh3z+p;6;8K zUUG)9SH(k55?mQVEOdg>_e4@OXTlc0wHcWKt7(XZa zmjEFr{$QAv%x(E;;CN;-ME2sj4v*bNe~YHOjhWE>WcaKmsO86OGBvsSG7mtPa3MqIp?2ZkAh4 z)rFcr0ifYpbo|k5>djtyN~(SIIa5;FImo;^<@am5Ul2yjCOZTXfGn-IunIKhXU+PC zH;wuC8HD?QRexL48}q)E_mr{z+MOX5I$z&=FL*v+FoEeA`!gb18xPw(Pkwc*5VeX3 zK$5yhv``KKY^HEFIy~>3|NX-vJ%%4(-IlQzxOMn&!y}N(V|Lzjp~=;=E6iiy-KJpm z-KKtzKLR5&0nCuvF9m)eJI=gCvKW&zZGPeAg`P_wV55dQkr!l85yfb)${|KJ_pKtc478RGETDtAtvdV)>HdRFVyKm0We3g55* zu|f}*4=QiC=InN3Hb{NG^t$EjeRbB_fdvYB0{Sr{nR7daWQcMG+-)O{PP*CbZGaSvcs`g0ps!fJSi} z%IH6-qB!n14x4bh!5*bq$~t?162D!yP0Zc#cwRu)S>)w`@Yz?L;W}%TwY@ydr#9HR zw4_}FyY0D$X$_dNn-2aP=UhXFTrt`auNxHPEO@DSNTkVP6!a849g3`fXXmm6_A_co zom4y+dq*C8v8T+^N;hb6x}}j3<>;`)c9TRjFL2h`fP!Ck31`7`cIelOQ-pJ?&^XR( zW#33_2bwN*=C(xo3wQB=4NJ63aRRO|7*t8o z@lDS=1}d-C!{%Wa95x8C+CxfZZbYHcVmMb*S27@LmKVXT8OHF+Re2)#*6d*0KJ_;ISujQbfP zoPk~O;%}u-MSo&AS(ia-d3R*s2f)CcHeALq@C%g@eg!$<*wdmAF`Ox{s5-zcQd7sM z=Xt;hdo1SW3I^Co@W8Gt1J3%Eyxl}c#By8TvRzmcQ~|f21A5Wb!9-s5|90^z2cqcS zSf}n2fY($Zh8~%?z-vMpidl!Z<+&xRmemNb?TU`fUyCR~oKP@m>xt$-BGA9Mbnl=w z)Gi`)UPH;!OKyXPoNn4av1I4E7|$ohZo!IJ)b0?+eUN*@PA%Y@tcl{L)AQ) z^`A&ZA9fZBoQhrj_*&8nh*6x5DN4h{fL3>^=M7`ccN|UyerYef<(+Pi<)y;RfJ;#J z{ezq?iDcs{N#tSUOI4}N6)m`VyWC+PKSR_eIc@)W(5rWdiFdeN@<|+PQo3uV$&J$U zvwE?TnH}4<{bdZUW3G!f2_|D&Wt1@MWY(J(tYe8yRtCg1f7lRs5CpxTu_BjFT0xs1 zyYmY_zPal)8ZK3`Con|LDz< zJaRsOCA>W(x*4-Tu*=YH3P~H$PCAOPz6S-^mF*wWE1}$bho5%H28<{$r6s+JlGO(R z{c%)HjLcBaSY3DYU+$w-XgI_Vi8u|-PO)~t9z=x=LYJ{D_^6BwgnPR?m9)mkgcR>dgm5ge!P{`wh;c`_4EktS3=Ee2 zlak zj7>*|_yba>iwQu@B}SWSA*tl9!xUTkivKST1v7^%pa)3UX$9@QY~E&6G|$i}B*kaS zLWMTbeH&qUXX*W_PWmhbui?r$rZiJzy&@e0#V@w>cy?AcNj^$H4PnYH^qv8m-%r#v zDUwEF_>+lSDu3iD46?K(SGzr7wuWO&4Cp70!sfp-%MyJ^tCmbGHvgAz3S~;=w zj}6cqZ6(A!oQULh__?y1D z`*_EoB&j=_(?_8mPWRwW^LtRqAd)15=f=I_u4-D(0M4aq#G&a{QA=*!5A6Wo4D$d` zBOW#}q^`EA%3PmyzwuC_3UJZ2R;>8EAs5nwSOL21woJi5r#W{x4}4?h{(*thavs54h9ka{lL-wue!i767Og)YLh3dm4q_i%#*cAbniOhODho|?=)k!V;a^o@ zN{so~P$RtY(-)RM<}=kD}XHw59#QZ_yLnZ*dnQ#*x2Uv7jT)wM66*R&0w5lWwJ zkmlM?u;%Ri#BuS4&QtWjov_4&k*WbwUZYQPj>r#Zsfd3ao*G8xssG9p1yPEo1?cO%&jPLG|F! z3gNe#)XpBVi){rSE#CU-0v7%gcuT zVAfEyA`d>3F`YY5nO8{bNi`CF6*IN?68%0BYL9!uv+hP`76yPX?gKv(1sd~o@Nybx zuWo0MsUvNsIMH>Y2uFF`Y9buMHQ+X%NJ7V2--{r@?qpem=jD1sUyI|#{^I%s7}KGY zeVnhvA>O&~AK?P%EZu+>b+PDj9KKdWvwb5Y&nkrSzGr9R?VA#B?`&NIPHh8S% zvy6XiPNO2(QY!x|ryMqw{0QVX#0WAwk;^RI+}7;`)L5~jko-5;v-7+x+0W7RO92^n z$J@A8)%oxSnEzn>(EI&rn!y5mQDqGE5uIj6^s-A>%Uw|oG@=oJ$@BEwiiWzy*@ zgboi)tdL)SAjuy{@(S+fB6Bl-rQ#)GY<*u9a`)=F32efd?0~>AaWO-mJX)TRoMOHD)P?Nx7C8E-Jr#g$%nU|2cJ`2ff98R(Ux0=J&&kCN z-&Br-^DN-1K?7YX@d|5dimESihxh5sT&e6%=0&+3QZnQswLnoMP-Bkc1d46=x_+r)dDhFc!WM5Y!p+#IP;q{o&kb zL>_mmyW9PwMuG?6=(t0dzAiJjY9M0I264lYRY?Y6e;Frf!80~_V{B!2sMcD?U~V9Q zu3B-kcO*EiuzEvhmJ^0UoGH(V_#oIDIJKzxYQO-5f7)kA3IhH`;zV3hXaJC&6rqGQ zfFr@!5mH{9{+;rSD!lR=@er95yTzy!twy^&2&Z)DJ$?}0v~KB_nc{<^}ir3#j zRoan24g8GiPyjB_8>}Og597x1Kr28M)KwR+3stYs!6zaKr07;EHC!e$b)5If)(xuVKgN3g10zQ zKSZ@1iD9J@#S2$R*Fv}_qI+}3nkoJc6#!5LpQ5xz41o3ij~TUJ$2+$0R3|>Nr9+hs zBJ2s{)?;;t`n*u=4=>TTv|)+RDk6*H5mtf%GVY%XMBjHC=;cQh``1CJP-gdqlb0S% z|7wym<{*&1~4Yl z!}BN+YgfTB8oL<5nuUERZE@xIjX#MCPMb@2HSaapG6}t);eem?l{61|uCe>$rDM{^qwK$ z$GmwDgz5%9msCZSjl18lE%S2{kuBS}uC$VF%OwO&8`+XQAv9I0=%Q0#-Ofmdwih|W zlzPMWP7?Iu-q|>tlb7IM`+`w=HF19417a!AK$)VIEv5J&4Bqjo^!v|Py2}RKAG}yE zN!+GfT0~(x?9SZwzSFV|wUHmGE^IsxiQj^ka}rHz5O`^|c4=)6dUA^&XVHt-Zj63l zUjgCbd1VQZt7YN$w6lw&?U6q13Sec)&P4ds9vRrg`1?kUFOt1jb0_#Fg z=j%U?&>UW0UID08N8IP~lO`eT>(PT374W?Yp^;@C9Qde9ISj~OpU#kqW~4fF351tY!ZKZ|@$kmqJGT+9f>#Im(9=QtPT zo4$tA!HAbVtu2U@I$%}rEexW95qYjDJSP5yPXZcl2|p5mutZ`N*+#}sJq5WG{o6zb zV=frs8-m76VUxW-TYYfDQOPB9ABK`z^^caWj1s{N&wt&YBH2NxwRunD0fB+ib~2v= z+|$2El*8j<-R=^J%Li(7P^Gb#X0ZGI~XLtw1u^d(LVUmeJy1z|*eGa^g!% zKf>%aYHOrt!rx7&lnMV97(m+e4aHx0&lJOt0t@-a3x}S0`OIC5jjusLMw9eaQ17o( z@%}}SxP6@foks13sfG3^_{`QpU#?1_;e2`dK^H*Ne)}c^yrs`d;`jm$SU88~f6;x0 zAyLsieF{i+ZE{9HcarZPW?;SljIPWj&-e6_>nDWS0CqkLZ2bqjo?J|i8&h{TLw@U! z0dK=xiP%EyWFmP4DYtQ?hQ4kdK?R5tLBq(F}4NTRKv+uk8ma3DeRibd2M`xf{d8V^<@}-m}I7&vqcN z3aXHmQ$l-!m|1D35RU!MdzSS2imRy0$mfc*ZL!gS$}_O4hn~3~9uTe223lN@|Du0IwCg4SQ|u*1 zAnm5(r;BnwVct8Mz-UNDAVA;~F_}Dkp3k8qhd2qcIM)cr42vTR4JG`)D#nA1%{$CU zZ{UrV&^!R-AF$qbA73Bx_D-7ltydXN`Adn{eVs}52en+~XG#DvhnSLiVkF4^oKN0q z3p)hb&9<+NpQgl{a3)8kkZ@c_nDCTFUb(I3)i!U>&f8H_ z*daigB;zFs1(%dmlOiw!{&JU7^$To!kojy><>_UczTa`6C5flOo3(w!!eHaV3$9LV z6EG^JB!#AEraFbgink)6h-Y!wKt=ew1+Og?IXic%GBd>bmZbx~0N9jeP~|9>Nhs)} zB#C^f{OcVATu=K;NmIo3?^+L@&nefmR;7_sWd^m18AGSA*RTA^RhKNSWQa3zBX{X_ z)JcLq3dBl6N*)uwTh(;g4lR)%U{sba7gZ^<^}Ie1^i4i2mSG-RWh%=#J`X+xp{UD5 zIHWkJc!|t(OV20(L!|_>B~OrcpH`50U$dz=01Sh~xHsnO41S$UjDdO}OW>B6uXP$a zOHA-3f>*T$RR!7|>`0{A5>;;D0M~!nuf)0`^h&cGLMTOt>Q>#$>R@^3)h*aV{sX?R zGn~ zNFzit77tT)9`%8{iC|mU-vtjfhD<+0T=M_4NxHMwj=9mXl8ou9+gVV@h9Bvxu(MdJk3I$qrE;xn5 zrlg@xwbyTaoI(dU_~%SX#Ga*EiD*i#VVpXnTv#k~2U>T1E&z_9%@R)<$Fuoz9jXWss&1*v>_3?Nw-D+{5_@G*erZONocEo9c`q_>G)+Hk7x7c*l#;?| zV+77{6JBENlA<|>-qcZNOF*>t+iJ?gqFSi&oPE(M!vmm}Aq5~2X5H>{3)U?etc|R) zZuX&8Z8Z&)*tJ8qUR$dz)6mr<6Oz?O|J#)T#JK@SN-@OEf!zip>{O#fXF3h{9w=B{hz z8waLEU*@h-G*uzgNzUT?FE4)J{&rprvy|UCq;aPX+QmLLG6y6$uiL!slk#SEbIK?B z`(CbUnR5#vhs^Qu83qN}lo)=T@o{!_LXtL2m4!YaOAc^dCMB-ZX@wC8Ts8-XJ`j7y9uW>nG!9Fu4GCXkb^%^ouKXW)v#utXW){J8%IBi(alj<9uYrhm zi3+^qr{cq0bFE_9FE!$~@qV4ChPM|6S7+jAGiC(#@s07gdKI4c<@B6q*22SU6yt&- zes4x*6xoQLKwuG-zPh~bq}H{y=-Za;?3C{cKpv(al;D}Jvs0$l>bR}5@Cq=82Mi;< z)woi=2C9;1ibfp>A~^IQW^yarlb&H$C=#Sl^5Y z1LyZ$TdelUhQu}pM-kDFJ!_k4CJdc`IZggNCYNSaRqCy~ho>Kvs-~R+yZ4VfXqsb+ zPP2_qUVM{So1yvM#?`BK0x8=)S`8dyCDZ3GIhzxUCZ>-!X|c)23QoAOEbutA^wn$b=>?=5jolQVf8Ryr6f1N09F~#lMhCk z7@ESr(McW!KqO)xghXTiaNFU?0xD5BLvbo6=Xjoec9gK*B$Y-%3*!wsNYxAt0{V_% zK@}w1&zhtXSk#R26vX*wJMO)OOqS4aalM@w5WmD?;oEoeoL}l8QC1Xi^A;+ra52S) z+Q;BD6@BPB;|*3Y2RPc18zTh*hYId^hl2P&3ew(9K$@gYDRt#B;1W#S)0my^d>Q>z9%H3eG5D$!0K;MkQ!fpV@YVVFoBabNdzgvX+1IxqCgn&>&ZB-uw=gxP zx9DAFs4ZN6cdBQ>_%#)ADqM!_tq5pA9IJrYvF~{}&Nw>8G9;O|)~-eMZ;0~b2lHLAqAKRxilaq_fH zOMN!r$pfjJg~U3}UEIL6RM=I+TNH|NF=%$lkk<;HprD@RdUN6F9}9L~=*9Q5&J=EH z^|L!QG#yLOS0$MaxOV%>*3fxv6x-N@g0C)xvWNteW|3r}XL;a{DpC6JMP`nn*j7_9 zFws`g{Q1mb1n)TitN>rwCOdd_crK?v5y;`D=nh16;L7);k%Q{4Z%F zUp_R@Ag$G`dVkNtb3;K29{iAi>$#fb7>9&tbQ*V)_i9!!%qZ$=pHpuY;g+?Qu^vbe zFJxW$7FU-6bo9c;}QTvUZ8Od^Plk_;ifOE$IMc6%HH-&G)VI9<^b@faoni) zaUq~+RhLu!zHZTUWk6$aa~~vl?1qQQ1way-R)*NoR||0q%!m6(Ju0T#nx~vt->b^L z5|St^ihp{ozBHg;ScX3O)Tyd>fI>gB(!F_iH2AGA7U4@wsL%8IlMKCMU69H~sw!T8 z@?QSwk&;+@1P@HP&`5a)PI`NmP`i`K=K=$rh*O3yW|mBd5=%RlW9)@kC>UqDbCJ*X$Hie6mo-Xef*m)hCxUz;A{MUrZ`Yu)V}ORpe{CVIS6my zcD8wL7!OZ928CX1i)T3tDgLHZNRi>8V?Sx$65@awzH6Bru!Omgg_TO6HZ9qQieU#N z0s`@fk^w|OL-P{;Asr9Hil?J(vW2FbdHogJ6Cgh`ys!6#k)aH)M$4re{@+`SIJMb~ z*3waOF={w;@ap>%8AJjiae|A5kzHtTwZrMYkd*`&|G}=18QcyRpJjYHsi$eC)}|WE zSCTP=4E@AsO9hv`pW^|v%#pPB@P5DmsY38X3L%iC1jr@*jeUt!Y`T3;8C>FEI{FVb zzAxc2J)H7hY#MiD$!nPesU)m%uaoZN1lRYchKMRq8~t0pC^9oR$Jcd;4t;IY{p-7q zBSnnc4(pr0nMA8;SD5Hr}vx9#%AEzo5R}!z2D2C;7FjimAg>oHwFS}SfeAL z_NNKH!XDksJ|#)TJRQGnfWvv+=<>1>^JWV+>Zv-E07V&0xAj7p1Q}uOr61T$jud-^ zk(9;V6bE{dw4c4aR+$)6JY?iCN?hPQT;6uvjZh=)bBQ%-HN`5$tQS!n-HX+Zk#Bu$ zALa+NuoDUfx4G*}$|ODIo?Yno4%1me9QG^_c#oB4O4CkdKJ%0oBsGt&NKnHr$nuKU z0(FzP#PtTa=y((mAmRgzuZAdBl7qPq-ysY^(;qUAKM9zh^^}T0Az>z1N?ElH>M(qz z_a0tsKK3{&!u(ROQ zQP=^>D#Yep1Gu+GBVCgg818&g!aNYepfncjI%*4x>tFDPB<1yj8nC)NC_cI2_Z?g# zoV$lAH+_VOLV!Z^XM1$0FV=+smI74&xW~SF&H8YHP7G(_Y%2Xr9@^mNb-CUL$CFHO z>kRjDV8n%3-kuXTzaA$UU<|o$N*4Ip?1XIFP*2Xwu?vt)t2mW% zou-MTG$hKQK4mb$UMJ`#ILkq*M3N{5YS5 zIAuvo7tSyH=r`@`&%YbBhv2{}e;%z5>{}aAfzWpwSysnKvcAFtuZ9I?EYWasa>TPL z`@xPtER_N{p%Aw@gcKZzWlTTjG~f^BOan)Ba3%nMr$fnNp*d3e9~zxtbZ05XH7~L& zhn)-4-ksCw~`*K3BUNBaY4fBBr^zt~g*FrLFGp%DLma97!++=VGd}hRh zVDKgMnr~j$z6txadB7vLVc(h!cGjKZ!aleTjmmd=KG16c`nHBuM*Co71Ke8(;XrI( z@>#Dg`>u<6z)u8TTBslA@ni^e@(;`0sIE!GmSy4>^Hxy)*GSO=j8^w#$UCg!H-Ykg z3(hJo=3_t*!^pFE=Vx4^ev^f^C&D^2hG%~g{z3XD>j{9vi(-L3DNr<{;BW$g!-Y_p z5JQM7of`~GBCMD0WLc<>lV&_zf^@W_%zYRcx}S%i7qcPG)r!5km9PoeJMBYnUvl-B zmqoV&o4EHv59*!}K9GzTt7013z*9G7^8Cff`al2xs@H69_#&wqFVaQ{fNg&q&GOD) z?_3KQ4?+>uX~$g$_Y5zqYxAK;?!1#rW6_wqfrbdo;(^acIheW1C)YfT6myRu>7fGx7L5Ct0{UasJ@5fh1*K z9~MRFV|@}g48M6_CG^5&7EV_r|Ec|;ul z?~d=)&si2DN_5U6&i&DY@e)r+DAAkt?H##WP87xA{2gu;#_N`#h5LD=sKR>5KtQj@ z2{)Ev!&pFGs$@8DU3oX0XkzI4i|1XP=YX}0Ym)x)=>I80C=WX=pejl@l&R?NFmo#K zTX!mRtH=n-0@1v(@6r9oFm1g@P*dch*NN*#>R^G5PRJGa^O#>t7a~pCgJOX?RXpO4 zXf{p+Hz9Z8{a8+qUZZ)0PDzom>6-74J}ME_yq3!A6C6>QG6^aI#E>Z=_lCq07X7| zS%&A`6zB&LJC}B?gn3L%jp8rcyGm8j360;++M#3e3t@v?Khq@3EJs0K23jzkgy)sd zi!+~h#w=)Ij1n;RJYDp}c!y1mWG?YtLxIlcP3|U>$fh|9wwBXQLc$sXMY4$`$hpW0 zFnQz?W3tI#iw#%Q{|~GLie9j9)OIm#;>UuEI9S07UFLutGJugdhPcMbt-&<(048ZP z00Edoy3@IJ^jZ@`VAUtu{tYPx;|uxhgf053vGC)8ag$<9_7KxxULg7(!(6oAl}aIf zPLB>C5@J+<2Dd$ox87~hx?mCzq?8#5-q3{vR56k9O!6^T{5MrgpN>4Md6FG+Vv?q00BWUr9{k0D1}atGsA9vQje0ZCvB+slO4p}2XsVC& zO##xM{m~8Pz49t-!Cxw_73fm%Kk(qi$TWfzdH@A_d`0a;DaA#5dVz}HXl$_iY*S5iv z`aFX!Q_&$$PNH0Nx2Fkn*wlp@j^DyrlBu?b-fiR+W)eg$;M-HXZ~5*MlEmO+&pQQ+ zWpCFCt>jb#53;Z}x3rf)bx^P71 z?6P1*9)#nM$F9OZ!Q#>#gC8tSrdX<} zGPk~lK$h+j@KnlB1vrp|x<7zT1@ZYqd|1T8oCs_0Jmu@m-F!|~!c3CFF6z4@HCw^| zS+9h+*rI~^mg%@}+5Z&4h)A36{x3*>3}|CF&(=cHCm9%oIx8~fE(k=cV)#o0C&& zyWp~6#dJ^!t>eU;;X=2*XIL29?N2YSlfnh5H0>Qw#CG;T%@d^NQ^~5RRP{U{_%vxE zU_3ZMJATwm6MJ7L&IO-;puw#+pa|Aa-niIEqRqQV|7hcQ;LsQ+e7r78IQj<8y=HW= zb`O>eZYBk&8qdBy=BS4J%q~BwzGDg+M{DKCHUebKiJkoNx+xx&v6etOL+R#a0H)V% zO@6j2D*t-ZPa#({&?{vQ`)7su&$}XwSCw9#VbI$Q>Tm^Wcf_ z?aUW1JdVh`!_5eKcaWQvLjG1f$%SR#t2TCisPMF2grHGcM^i5b-r`@(wlXl`yDo=( zh~Sf-Dxu{d*NC4nw8K;QwwWiuTA)K`;`(=s-g*-4!sz+##cg#B9LP?tZgiZfAGBCF zz;ItOHMF1cD>JYFU;tTfES0)5^aEja*TNrkANCHaW9rKc-sw97^1Tv9HtyN|@j@Z6 z9W7}!`NHF4c1UU~pH*+)KI-Y5jp>wdiClh?!pv4Il79(iOP_^Za*|Qnb3lNFkl|ps z5=sXRSz(H)_}8#;z4dX2>tPK&jmToOp08f?OR+Lf#n-Nr^s zsIb<9&l!h;M({Q}u+RZS@PuN`87HOwkLTKX`V7Df@;B31U>pv{7z3In_N8v8d*NMr z+WvPd`TWUqqCBxW5p7m-_wCR{g!84&Hd9jWE4*s}to)(%>z0=Y^Hdok{u=D&<)cE@ zESg`{(k*_EM~7Z|4_eB&>ybz71Lim%ib1bgC*MAKE!WXPg09lLz? zs|&%_q-*{1MC03{n+rIqd*dkk z7CjGozNzImd*Fi}lG~zn*FsqRWisdLU*P;u$x>hXWz?1__*A2z zqeeXy1Clg6W%hTM9;u9OS~K@iO#@S>hI+!mhI;lbgJ1Wo#x4Yop69>z|I`-(74lfw z>{PSjQPS&-TTZ|7MMb&|i85>CNM0{WZlAi`!(*|xrP2eXT|^6+bkJ&`?xLLLNB3xlexfjFK(W81S#l9um)#n*Yj>d%cB{fgR-KA=PKi(#%NJaIbvfS zKU#U@l)WV=f?*OQmrK3{X1mwySWE#zalr*JpGU#?4&ZKa$)%siZ0VAR)M`Mm? z@eSv^iT8Wf3pm?D8dJ}oz_o_x6uZv5h5=V99M$1gcsINP{P+dKOB;|!k`?{Gm}`r zVpM`W(L!O6wZpCWT8?O$R)I3nfBK-%>zdxH_xtm*`jJhC8!nwdhH6H`3ytRqO$<)= zD}#x{Y>4C_uQN_;yvTM~GD2T%q!|*AsIm}h;7_)d5aUeNWv6iEkgy%bV#T2wtAriq ze;WS1e*j;u=I~%Ee?!$%nj+<>8t|Or_?Kdj%}0e?MVP8q)V8j3+oXoz*n2qcknNSO z8yq1Czp6F^|B7yDn&wvVcpyu#NP?J2McFmSn9#fX?Cb0h0zt3H>a;NjbDR$>9qS-n zWd>|_|5p23NH(Y2MbXG<0cu?v_hl z=;3!(8IHVU4lH8Dg7;tHMIVJtWBWh!#+pN)bKw(Y1G_;O+xI~RKk&qtNy09acpPLt zC(cy*$l?-ekey#wY==l<5oiILcJTFS!50ABE};h70-@sQi#g)t<%xxI7X9OK8F<;Z zKkjTNlGGNEFit8tt0qKyy)GP94E+Rac(HEBUvtHwzjS`@gtpDX6MNuL;JNd;&Aq@E z*qU(xbQLodD_O?ZgPv(iJs>VFZOHUMUzqn<@nw&bjO{#$FD?fqCeLGL?I9AiBUH7F z)gO3@01n4wepW!H0mUD%Lzld2SEw;!0BN@6nY1bYIRR#(m(y9tqLQItR15RoBOE#) zEmZ1#-Tw%9*1iWGT40bs!R_9x-M&vwQ!@payLk9HC&eaGv_QFl3W&$0!E6Jt?Zvz) zu3G~qGY*E@yaisS;Y#RsWQ=3Ipg-rtnP~>D{*|_zq;aFIPYIjycGX$?E#86>agh9@ z5FryZl%BtGGyr}VbbREh<;NNsIu+Vq zF>WwS`S`*1cH=H7T|fk-Q1uT#lK$uRU`3>sTp?7HsN`=lqidN~^i3T--d(lEbm;Hi z^wG(+W_gV~#D0k}6(k?)&2y%@Z-u-d!$GTtr%Aq-CK;#WA=2bBUS(q^pD}o;T{e-c zB-5bdnyRNRzA-MM+uxuElf5zNLqw|5p^cJ--=^zhDcZ!*o=K^*<1;GN2!%fp`qunO1aYm@1ZPzpS?QC?76S1z4?OgWHpm>g(Q~|-@bxU zg9hCE=9zUY6a(etm}`OaUTC^FtLESaTqRr>4NUW4PS-ynJJlG5_ri}VMu$2>;18W5z1?t2I{%o zP$)j=0H)p!%$48+yw;WqDr~)g!TyqFVPOpyxaH?V=3o~zzUvA_%n6i0hUmlyWA%fO zVC}rQ$-Ck7#~u^&Jo?mWj&;pi{iqf9S&hDbI7WTrhRFOQswVc6t+R^185>(6*2=rp zev=}vPckZ_TbNt?UQjc*K_G8{qQwe5wJot!iJ0s+7Ocgf0I6^aHh$*z$P`Qg7Gfjb zs00CCRBaV^KtpyJqu&QL430uOC9YpkGR#Z{UKvC8s0j~H2!A&{lHL))WO@sOy!wU5 zlo&Hv7YTTK)1EgwtdLTIFr_9UUjxE}^3+gc`m@3pvFx zMG|j1P|sdL-7t)he+oNBiACj>=OL19?m;tv6CfioQInN%tbbK>Q;3~GY5R+>VZA@n zeAu61zXMftyHrHMB5e0`uhqgJjOUS94F{;bFz=D@f_m{=lf3NGWP1cKaxsERXWEf# z=dF+#IC$y4Z7Zn)|7_pCZQhaIeb`Gc7(|5hLed!kAK7mWpX}{Fqyh60=RPYCYTP!B z|C9*`hAjhtpt>q}`51!p3*g|1Ag%0AxVgS3`X!xBzI0=No5-3t&n5}HV4ceg>l)g9 z8eh?|^WsRrcq*fLV)xNu?uSav-wFvBA0mQBKmwnD000OE>)sC{LX2~T|KWI>S23tS z-vA1=Ggj^^7H($@fL_FHvrB(b;gp|Me~m3JgG4Nf7>3Lykv)&l+b^+DXi{Pd zKpKvw6f-YO55Wd6`st|(Qyi@R2A#+4up%cra2c*YA-WzcJ9)7&+7Kb^7jH)gq}u@xU3wj3a8N!6 zP0*C@K+Ehw0ciLI0(sqz-`13EWbbi^$l6h5{G}2tjq-FBgdw7o4fl%B3Fb8#p^B5b z2N5t=oG^?$tPgW%7DJ*O)VTwoiu=9W)&HwGoLA`FwDU%|uR55XK(ZsW@sqa1X_jc- zVsKx=2Ni#9wkO`9u}Lr>9HDqbXRrWTK&8J4;Go+C_4UceRI{OrBR{%098J_<9E_wH zgm^{|eG8{LcUGe;&S_&J>qn(B3m|XZQ*K+TpC4Bu^_Wl{JxqL1;F^o)Fgdx(`(;mZ zGcb^%pnahO49k$0B0I9%o_;ak^F+kxqceF-n65rn^)r4=kV$D!_lf?sCJw)S_^*x; zw^M%pw3JxvCo=~!uc=cTrM@)`s;CIO3F?U!UhEZ}0dLfZr1oic{Jrw&{PH69_=hCt z$v2GFi6F>i6JKH{`}uMuQZtBh?UvDxZQ}dud*o=E(lI&%#jnGZ!rL;TOw#ntl@BxI z`g$=KBD`VB-6aJbl6p&gY&87-Vx~6tn9X9RD1Nnv^&;Ufn&%gA6U?b|N>Gfh2Te@a z>>S9dgkjA|2|^Nsn}+6-=|w}+=j8N_l!`z(ttLdu$mM6IQSIZL6^||m*l3{BPXL;o z=J+Vw^jjFknFt*Fg4OE^@iM7%g^7uhMJ+5LVp6o`p0vI1Q$|Z7!Ds~!x3nlp3l7FB z12CC!0FZ(Pr=jsWX@SD#E`j&?!Yb${(1{QMRfED;K18^`9L1TJc5sh~DkS63oHW{` z5PNHzuu0|GHRXqV*FKhg;wWj+Of*HTtrmnNFc})?{=ng%zhm;g^`fR6s{p#11g7Of zlQl%$YdFZMdQintIrjC*c0iJMB+q&Bk7zSVYpFpdBZUR)&q!#Z+m--iWBS9>F!*ZI zt0!5d%R+Ogz!CnSHzre6PP-;*EB7EI7XuqkbYTRYx86a3Ot?rda$?l%1i8#B!RFG5 zV9}-p!Zf%UNC5?@{_U6}njvYZ?A`ajaVB8r4uNOR#S6CGnT!j_`#MNThxK)Ny94>i z4Tp!3^mhj-w~49Rs=diTcUK~T;U4B0XtQ>1;GwA^I_+HLnAhA7suHGyPN}Dd%CMm+ zl~$F8uoSNFyalcjp1yr7w2a4C3zM~i+;Fr`E^{`62?7bHx@677`V>xupGMZFh64cJ z7{zocu!H@gRcXFpx~jQNquXgDrrKFrW0{oI_F*}aPu#;|?eA6yYe~cxROesjjLPF2 z!~wqhytF%R<+y*(2L5gqbxdjMkY? zTgOx=5&pynZP>ROsnn=Wpd57#LpS9Jt2?@DW&xGO9K=?kv6$6Y%ku~ae6yfWS(&PCZ%0>d^F=Y@!!d1!)IYCw*PzS^iDnD98zEG&+ zk0BDA6#xS>V<2B7oCPy%I46;LZ@^#`gH{v($u8nn4rnYz5W+AGkQq22K1!Ohd2}DI zS*Wf#4PJh^!+Fx*iTfC|az=~y!0FKNU0`8rO89g)Jgf0bsTIfoCS}4DEA^psMjXwRKcC*#y;j@~{+X z9bC;;82s<-BlV7w$vW8vgyXLEN$fHf`9|1`K;#AS?D~$_#-DSI;Ju^p+Gv@#l2qS-mayWkX#lI?yjxZm9S;i-L=j;*>M}pj*9w{Fi0%sC0K0ar6_Y%!K zUvKn+N@4?Q0;)ILA7fc3(>lVkk)H>dUBcMxav1vty-uMa|!7l9*aJ#b5&87r4AW*aWJFHyHvAN~KJoD})b#7bo9T!MMF% z3&oz85$x*Lriw=)vu@0*CHWP{(=Ib4rM(XVaj}7K%{-8G@LMe93h>zF^fdi9(@l@z zTg2xJmn4xTG=m;4E)NepS~RBAn^u2dPY%sbE$K|U zdVO5T{I2F9`r@g+vPdmdb;dzr(`I)HCAVjNdDB7VO=>{G&E-f+9Mc9zj5+0`I!vC) z&ZJ#YmMt+XXuop2JGAwEbO!qUFv zp-0HiwBjA=6^(7vK);wuXLtR*HPxOI3TVq+@2lj?g7*w(IeV69-pP4RiE~9qb|TzW zhGRC^>9%0WC(g{?V4X=s;m(Ji7`*x*G;rz3`cgLtzClmv|iI+!3}a!?ycd3*63lV zo|UwB8Et?kTjrp_q#iGWAV5fIs$&Kqdq3czj7CK#@&dO5EcHdO_Wee`$&|5{peMl;^Bz4?ots@#9CC*?3$ay_*AJQChmFv}B zaj!~Kfs&n{B}jLlrWVRw;dTat-NN`>x?&fDLuycysRQ~*2v|s6u(m=D)&tnj&y?fI zBj~|p-1{eA06G4v!xpeyTXoy9PPC9_3TxqNEDwL`;-S(M0i@LAL(WqPTR)&46oMb&@Asx z0m_q+b~2L1e2}SM>Z0s#&e|c?Ih@;>`tDM@CarHBYY&?B6|Qyn2VB~gt9%1oq_$GB zW(0gOlgcgOa*imzT!t{uZgI33TCHt-Mp^8p7s0lP5!lr3l3A&r9LO*l_yzQIBc~zU z*)Bnh5y(`iyH>l35F?U}Jfq}6`e3V;f8oMcsUNNljWDJQ_PV29Sxk%20yfK&%XmD3 z{X(_jvfMJzcET5{4h+A?7118aYoMSy4kOL%!vt7+kB^^|x|yyd3(w*10N%?8LH=== zcooMd5-EiV;hWR+NAq`qp|k5&k149uXeurCb4d@~3XS=}eTw3FVD1XFMljg;yW({* za7^-WXTjivwR^qk%goEbYc)c3ARl_ZMV20;FPtu^m%@;Ox7;>*Oz{#-PtiL6sxs#| z#N`0F><|2+PkxNMgc<-3?f?R-Rmg+m3@15Tiw9qT`Khvb;yl1Hc?mBAxMv-Il7lo6 z-_u0O2fr#L&Di*eGB)G{1dp-HWw{$v#7sT9lmQ!G3>osWYZmu&y};Wnx$7z{>o~rT zOUHnN&$=+gFWAUA$u$JDmofFEm@X~4?aR^BI;na|4N1#sFc{MgGOwNUoCF}5=Chkq zevI@6y!hw|A|IsZ6b<>29E0GC0wJT9GkuL5bEizs&j7{;2bEvMS7`Qp;AyN;QLWupyeP)iKjR?O>s_60;4I#ZtXd1#Q>YFG?RP z8eIC(lwsXZ`VSg6&~H&^Si2T*aSz8B-6@*A&MhPtyr{eOj{N>4*U1^Xbl>j*S|zJP zM*mBVjX(Wy0{;`vmZ}2_lhzppxj&1k(Y#0&;VZxS2^uP)0VmmzEE~^A<7UQ%V#oJq}37n*x53e zic8gQCH>N##}PhP+#{0J*3RP>VLru$qP*+~B&68Gawr|Tv){5eVt94u`NBmdJ*rLr z2xp9)Nk28_HkKrT+nXh2Y*z(zHE6adP{+h8$pDzpvE&#CSCPlOLC^@##oK68>iePj z5aH~T$QfS`TJ}NkByME55$plYlwffb)0*B!$QY{E5e0thELFK=%Rfrh>B1cBAfr|8 zO6ME*V&;hB&F1K2pm;qXwde)z0w;4JV7gI?=TNPXs%jIZO#r~=tVrq1M5ckz5K1nG zR=S{+UP0^a_=ezZ@S4h*PMF(C8N0GGLo1dH3KNku4w%2qwfo{=%7`(c4RO#}2Qxn_ z8>OI2$QbXi%Z{$hfCLp~^d80Z(xResivp~(oIU%100jt(10$s^gJt<&K);Chg;0kX z04#Ci0lXn^s?|+=fomXdL8%J(Bq)^u9C?nyypR`I(!+vGKF!L;3nJbd-YeyX#)&3x zKqd8e^Ibs^RfVfip#fsUEf-V61tnlX2 zhTjf@X~Q&wD9U!w1t}t&@2P(sS1W12?FZxh7p}I-U-__r6ZQQ{i`b0IwAPcO&f#=x zI~xjzqy9{o-`Z99=MnTNl`e+fdNvotW73$Aq*oZUfq zElqxTR%t1z(Z=@WGEDKE5PUK*nwnHm?X=0^3f3z2dr&u>iIUJB?SmlKB3~UT6re6x z+tryyy%~0|_kQyT^TqeX^IXr;+;r7!vHr)i%tYRr4Oqi1AvXZu4P^x3-x{BhJCFS+ zdh_+*W3FozkVrXIC8gDA4~<+OCd*=JSucCS@%kGd;QDD271G_T6Ub+}lvkHsa}0e= zf(C2nY4pKz?N|nSO|3=#UL?FvXw>0h$fX0jO|#h(b^sajy{NQa&3YnsF2p0;{t5rT ziD|lpaI6SAkmZH~Jms=CCEE$pgI3Q-^(g|dbJ$ruNMo{650*@ucZYH$cG8aBsTPt4 zu;J?l<#W&)lu2q$i~i+ExW6ugOwGXs9Hz~qhG&EYe#_5WTqC&)jAwe`_BnLq7J_lA9{DvUrC(NTu)0`O4`wSkJJ2K zoL6f2L(}@)lM5@FvB=?VUc+aWQrw*!B{R1D3*oZf-^Vy=!Ho2xM^T$y88`j#tb-0P{=?-rF%_BJ25*q&e?UD1 zdf6aTtF|cJ&v#^!uQH7{-OLRVx*Q}RI(iF{kt%^hC%EPDij*#$vlHq^Tx#&PXy(GR z+Y$h21*W7JBpdf?A`T2aE0&r1AhG2M8thy`xBcG5zS3Oa89;#6KovV+o?rS&@(d6O zZ@53q$bH6m2e=(AJUVQ2_775pN9a*=i=uV)GXDk((Gyy z;$~rnL`gG%v7s0ttS99_BuhT_HB#hkFjXb|v#sW~<5<&m{uLn!fni_O7(b18A{k(C z@RI^RpvsDXu#_01!WGys5zudpi(CY1{SX>C=v?<5`_!7NG<&R0phlPR!`y0TKeX4K z!U(H2=sQd|XU&q4dEPE%`);2L(McXTCas`-BInH_RFipk39>QwmThB`Uu;byPG+%6Tdp3+~0;NVRA=E?;E-)3AO20 z1i$P>_ByffzFr2_v7sCh>K1QueKuDQCS zKXU-rh9XaeEE*#sBlper5_Ha@qobA$7EI9>5~XLl=F6h5SG;s2`pdH$MRQDqWjfo7 z2y%xlxNE^3Wq{%I@^k8w=?9dyv7m~56B5X}QRUZvm?@t>yTFXX@`MXqi zM>8^d>lKylaedh1e^9w&I3t*Z!B!q;Py-Q~OB(uk7mXl?A8aWNbjjD;y-Kem;a~1$ zsmT)%1VQyPTb`jN7h)a?BLDyj?NWu0cdJNR3h;-2rO0&^@dEtxJbc>aS>>?@=yx2u z8gY)SViMqCH7t^&FRopY2$L&jd`c5p_|iQ zq&@p;KpKpE0nAUu)OtWCWdqOi?B1;Pen5e~n{jD%*6VPTRKyBBaX6VB4s@Ra@2$=5 zNdy*c&TS1(yXL>& z&!B5-T(2WZ)|U8ZrK$y6F(>eRYg$FC8jX256PR?9VJ!wG%wKt+m$@UDx>ENIi@o?u z-^Tci9s3nB`!{D1g;5D%&31LeS-B5JRr=(3+-Bg4a)!w%Kmm$(*lF$Hd6j;LW~+c7 z?^^Wj_A(=WVYrGqhN29u+EhgYIt%!h8TnRM{fN_&~d1rm-tU@IVcqTc^qZfD1@K{$B7;1@b;XNwe2RlfpdH9 z?a9~M36JoCo%&Nu(q&B@!2v6xY>7)?U~5y|fXzmlGJEKr_3!rtc+3-X#U>#UIRV!mk%*YdPF&5nr6f>qTD3uQ z4Kq!?S7N(K^&NLMCqF8W|61tJ#d{}r6^yLf-8GnOVRN0zG>kb0cQK4MPv5Fsf((vq zB>(oLQ!sL}9P?NLS;(4jw*chTW$8R&K27#4VcU6OHx%j8z1La*sV0e-{Vyvm$2ID# zT0h96#SUYA^rE&i>5;&3`ZyXmqSSwWvw!?BIuk`S0o9Quc_A@Jzb#3Sl)K-vPQeLj z15L0KyWc_ju;Evm&<YnU`&D!)&^h|q0K?$iq-`10a8RX5_we>zH0Wp(5DTyVAurhi^%bW!vLQ9Et-)}gn2yr4W0wBF zdc}fGBXV{n=!9_S3|WEHn&f^BxF#n506I1B&9`BzL&2x}mKsP%7id9A<49N!HEs+S zfYHw$+|kNN4on)bF;Os1Z$N+h&7AAE&a(kR#taq~HM+BY*%WgeRQTnbzy>T2k#cx& zxEX-v>YVD4IQE;Xi9j7rZsa9Kp1h03BXv2ra^}SGB_wTveD=LFKz(8TZq`=S_MiJ2 z57WlTLQDx#T`*Zvg2&LD110YFO~RSVg(tIYdUG-52x>6Gd{SY{EAeKyzo5sCFmiS> z6M6__nfEtP^lW#a#hAR>NxbT zd8yf1#Hqj&(ON>l!7?^9@hO$52R(BC;$gB4rp@1#+0#-9vuZkA{9qPH);gW7=zPHE zvox==7NE`|i%r3%m8#zl#tJDq?x}3o`gnxd6-ao4pFrm(1XdrA1Eo}3_>{1f7at(`~D04$vscSIO030;(A7J|4m>mO~FN;P0zfLB*u z!1j+G>0f~yaV1cjV=1<~27=d#+AL}N6lE-5Xg_&}i+lwKg1_&3O2cJO&$#8y`SJ0@<5D z23X;fWb6v8$g;}wx}h4_^cBZgBO&E(S?>I}kJc=>Y^)L&2GIleEqG_pKMG-)3Nd_b z$7@5A1OXwP|0cJ4hA~Qv=uW@^Zi=?Sh4)FE1YbCoQaZ25<(H4wZA`-S-a0UM9(doM z@C5zL1Wc)y5H09W?ZakYl!(w*D)aq<>0=`21Qb4Q=s!cxMZYFyMwDP-Lyo~KU&K@L zlrtO|-4p37Zd^cO0D)Y`t`W8dlcyw%WmV|ST!)em)JMpGN*FArz}G?i6g|m3RsG2g ztbPxFq7yP^UU;7B!Q0Qse%Ow1;-Br)?__csqAQlY=gOV(t_vF11E=HDc*n}6B=Xd` zWCscm42drd)r?sDCLVTrjf=PlZJh!7kFJLOFpRa;?r6?i9nX$_g@DpVCe?p|;>2Q# zxU2kkMbn@Cdh4&C|1BGHhP5V;cB56yjmI2H2)iODh$*Q{z>EC!0v#~FRXq_+>9U-F zp_^ZjO1llqn-uC@L?Hiwb69yhxbjZ~5fA0q{RrfkLnk!25vJq7jGUBK|d%2=P^l(-A92N|!=qWQu+1>bt9Lk_Rt2BVr`>^N!Lks3it~>Rvuv89mJ~+F?3?pUNb3ea>^nl6Hk3 zUIB1#6s{&{U_k4e8+sf;&@IH`N9UH%0S*9#Iy#gk!%gwOKJ-Z}cgsNenWA!0IK?POOxW?0c1q(2IAal-J06u#xk~9<=?@g@jtt&ZaAHq-P zL`ehhSj*vaNjlm6XH3#RDVN}Yw-0>^UZeCJK(oarRph3{FPbNZ@Cd5LF*+4~%bUt8 zQ#8IGR@4)v@wCc6_V{~opZ>u6%V|EnhUFs?zxP4B%H(A#%;=@ zu%}<>>K_(agO0Rg$P()c7^xP@WR*=@9 z_heJ}yIfpI4Pq#ImPn0@0spC+Ct9a>kR1$DHG#K)KAGG#o~}{H$q%1Sk|^?DPAp_R z!vsWP#bN^H^Sg?q&f|#YfAV5bA%Q2c3+isyMB2EHS^^;jjpeg;qN$^Q z)dopm73jbb5j6{EA@zdQ2qdUqf2P#yRTb>8DScI2_#oK|^{w|(a*a&CopAa`vN{%> zwzL~s3?8;>cI>bKtbl7=u)E3VZ9~Yqs`3K@tPF%dO*75xn3qIP2GOUR1-`R>#N)Oz z7eFRNam)BrcTeY;#Rs(KuZd*U)da8)hng1!vo;eMjHC&vig;g^}U&b;X-zx;Zh~y=LK2t&IHd9+1g?T}&>5!{V&1T{weihzU z2FcJK6Pz{>@bA_+O@FO)VQp&ZtPoG`7iz`!J zlq|pSRP;`RLwOVIAMTe<#n!h~GpaTSXc5SJjmA@umHEyO`heW5w!vPg3UUpUrrmKIo^JjyHc@BPdQptaQ7{RI3=1LCfJT z1KVCZ%tgxQMR&KRKH2_9Ho|+QLs=Z!HLHA`GOyra!F@?T6dX=^f^^7K-5a(HnEG zpMf-ovwum~cWp|=I$F_=XgZ3Z-sBJ* z0cX;8|H1t-0R4S<__i%}i?h`Pwhupv?$57yU_*s_lXcD53B7snj=^z()@E2-He;#>?Ex-JI`x$9|B%uP z3Q4Yz)pIFQma_arWPZ26w$rqE1Pv&PCEAv#H4mJmbg z3$;=HSgwgD{@f2@f5F0Mvpo%OC+rtqM~w@ zdseeB{W=WKbGfbwoM7;j@7?yajHR-ZCi6Je?=#nZgCQ08WH8hnI zwhlkOWmDbXji)|Yj~>FWdd;mfLx5z9*u511$v@%GwnR2I`SlhlZ+&%Cw_pqipRkGU zBF~Gum#!1Rd_l4^fQhK&)*=bdOR$j)3=}AGyj30o%!4;rs??Ud|GsOJ3W@S+s6#*v z2-c#(o7KCr@YB+gvWLnSv^fSC0HDvs6htPe`5_-?&(lg0gT%~XF+b0*)7&r^O)0A2 zzpESQ?*693`s&Z#grJxn7zX$cn=0XRhJYZ)?o-FP0%e+4Dy7DWYd2zK1QCG)8)vO% z51U~n(boZ_)0UltcynB0-`sN)N$0ixh)l_udE$Gk2X8+i`(h%=_&n5ky6tzaM65pJ z)Y*6t@O1v97KMLZ7>Sn~%pISU-pYdTY^3A2h?g(8aK#=QI6obw3-kxWBKB=%x7y(h zc)@pzZT8z5Xm;1izL7pmMLg8I-#B57O~`FL63Bdp>M{3l(fJm3Y!A@yg&)F%hck?- zU5%NFl|VnkEIz9ZMPrYbN|65hUBm?&!oeA z)Y*aOG4bi{AZOhV2wW@0=nQ|x*~D(f;>Nu8-h@$=5I~}>%M5g;Ot_%?ba5lDmNZMX zpXmb@`maM=l6fQCPYbM{*+GCRt9dvHiS$@AcU~7sQb0;C0niL)H`azn(@i3c*AV1D z%c#EcEGN&2`RoE((jSktK8!PX3$N>D`ayXcKVzNtGgd4Yrwf)Eto=}HPYxP$rj5=7 ztD7w^xP|M8hBGpJK~h%D`K!Xh=ingD18(@ufryZ#p99xT091aR{2gOGOrlX*U$D(5 zjAe4>xVE@6YpFXKl0HcKr5!}}O%+pYAReXT@wd8RNj&!1evc`k*X9X0Dh+<6KZMU* z!X(I4lJNIS(c+Q*T-iVj}X z0LJxXTEw#;e%Ex{<+HEFN;t%!gs8)exs(o7Tg%Cvd-8^7^)zc6RN!vLF`1zKN?n86 zg5|m@Cz%Ln>IFV~cW-6KC3cfep+4x?k(j?VEooJtT}}5MrcY1oKj<|1*}SI1=aL#m z6=0;INwBoF)ChOt|@AgnJwWOU+rHX%wu{Nebhi+|yFZ$5YvKx~D@{n|~ zy$0VNc5Xpw!#CSG?0%zf5iXZd{QV!hX}!(Qx;nJchm}zjw-0T2DM@|naoK`;^~Lw6 z)yJuf1sZJ`xLPxp!u~V=v87ayZdqFeA^tlQZqix$F>ID1`!9nbs-DVA4jVWVaIOb6 zG4MX;*u6<>Bhgk*2t47Iap5oP;7clE(c;1MbL+ktE){giS9kDPI-rG4sskkzvXS)vt>3PyiC~QGgBtBXqlp3WTs~}Z%z-gqv0NMhZSC$-TCMk65!Rqh(KSZ=Rb+f5+QL3IQi?^U} zPT%ka)!dP8|AF#yi_Jou*4iL*AkpB%35Gcr=tj#}5$?ZmoF-@NKb&G{We5^d=-)b; zDPr%dgHB8fzRL{|HU_OhPO%pc=(BZomhxFHbr3W#pGt0BdEhrTFm&#Ugl8b~<*|AH z3jl0ra2RHX+C~87`n}oUUywP%3myjv44x{rWQejhsN7f`&f+^1)@(F1^rNv;H;%Y7 z1_vg_=px<$POs$5w#c7;>gEtzFD4^su|ve3KC1ClSjlUu?R>_-m&I|f%KJ~@f{&$?53RxMiK@*oF5`v zBTKB0N57hNh#w?ld%kAVKTQ0+aPe8Q(Y1y)WL?urg*^%Cx=p(-!iVRk!jnxlEqyrSswZOPP83&*j-)uZ90AsU!-*nyR40@rUNf*<6) z>Y}7x@*#DD30~cdCAf0|#9gfpa?RUvg};(v2!*=l6zT+8v^x3Lv5W%lGQ4Y7Y(hy;BpUQV<#5|GD;I+V1!4o z<~g_14m;}oDEn)9T*e{&+SIR^0y;#5MO;n3i*S2OJAFaZ*+2jQO$Oz^fa7o=PJY7a zAVzt?y($lNY~=b4jqPx_L7bEPo1pE=Q$>kYD?uVXk)nSHf-hDYw$EkL6CLgQpg5aW zydLQE8dM$1=xy^Mi4zx65(wx7C|!H%+wp+Kdib8qe(!cm%f_MF4y#FEK5GV7 zv`wDNgj(wd^4^=TY-@;tI~V*JI>MMumy&!_UL>4aIdC-a17bgp8C#tak94U~euIME zJVxHj@!p$qmLpcOC5j$eH&wJH*CXP`>W&D5y!fsI@0dvle#{XB6Ruvmik6E70zOws zk_}4-!b=_xaaxYV$lf)eLZ!@VOxGg)Opm!D_;K2os+?1g6lST;$yz=g> zdiUN{+TDvSVr{J?ME~Ym1g@3V>8haUQ?UZN1~hhYr;NZ>BV?-5owZqLCKP8(89tr> z15^xkqKMPB{h$>>VAPj-iK;Ka!=NH>Lt85qw5gd+>q;S<|HSf*8!&zKc0>rQ$3e3%bK0rX+N{xRLVl~CTW%^B^j$3 zF%qv;Q)+@awq&E!G=zi4$REO6$km4w5$O#dH(jFgbB9)~h-#Lr{D~oTuBYn1_^dW% z*xi<0Z?bZfp5Jx`pKfV9%^dJU%lxpB2%^-M%?XAmI}@?wbL|cn^`oXb*!GW-o;WbE z%d>}>!s!J;uhggTnTPOO(MY%@B^$6Gew~A1vP4*(SEz|#REr}R!x7)?k-gbEFYW8Y zi*q%yACuk8QwrTsH>Fg~i6Zn|&H-BY@_5a&xzRh2*hb1SFRy$Gn$(H0<4WI*C+_ke zzc)zNuveOCIV#<@l(Iy@JZkmIyaA|5D+&b=B%TYpo53*V{}GuT81u|CR_R5W+rq+C zg+#A>U3Ncy+T_9`lhez497kB`7DPr37bEd{9zLIK?iEY3{0Jwjd3ESN!C1PM`r##e z&n5o5wB^JMhjZ_DSQ@>#WF)(aHqRLYLhL>-PS4c_fcD5%(~``~uwkS*NxMXTU&hK9 znYF_{WoNF;2pw;xQdqMm!uO}jr>9PR6gFV91S{$b7}f=0EyfDRwyBB<-~1h%WJ?Q- z_fmLZK}PyKa}+0?c3)-9U)FcFIbAACk!?Hf-Hk~FEqyHT_Xr+eekBUj(D-uU}iIa53(F6yG5gzbw9+xy8fx{!_cnTR`L89z{ zKT{YArLD(U;UziCpM zm6|#hecSVP;U|AXre*t$9(s7+jF{w*4#X4sfxn-1P-VKYI!h|a;k{dPyR-v6t|P1J4(HYmHNUx^vPO? zUhtKdm9Ev;-&@Gt9N#W2F=Qpw)`n=){q2}tA9%6xD)W_56I>Cz+N$wdrIyOD_$44% zS~Kk3DfPJZ!(fo4wHa zVP3E=`>g9YFq zt^#}flDBJY3_L9jdJdSI&AanjPAGN?2aHQ*3D~TAmiBR3s~t7QmH*|_Ztm{co!C3@ zXgm~)q}g=H#8=I3iW7BIb^Gu9mrv3ok~Rvqf_vF8=~-Vhm^>vBSC4j`9vF zhMV3ey~Jgy$v&!em7~t^J*fi?x(kOsKp#3BF$$vityk}nw=RBA0VA3v-=R+|M|kOM zh~ZIpx&%Cfdo?j^>78`ESuQ!(MVJA=1625NC{hYGT15{hQ6g);&1!=zF9#y_9V*Hh!1*s}f+Zi@oKX5P) zDm%6tMfZh-=feXVpv`r{R9UX!dGLF_4dZ(3G3-MGeqplMfSbdpQQG5v@@e9Y;hue| z9IgA$P*edor~^h7PKb9k=dWw*-ZMZ!o^GV*=nq-Q$nJGk=N04@(P)Ck)2PjaRN54O zC3Kb;6nt;wsKmz09m*pH4&t4_`p2;~S*abZE`if0FiXtuOq zb7})5t8Wt1#v4sR?2N3I2j~eAvaXWVmRt;gjs=6FRO^vWH3f!nXVv4&+_#0zhE_w) zGrB9y9Y9b&>7{b^vF9))FT>g0B@Jw`v(5dCc!4$mh=DuT(4RL_o6zTmm|~*VID-2F z0nULXT__kWOs!sm*!GW-o;WbE%d>}>*~%5+VZ`xpH$t$RPV;uNJiG;0S)9)HegO15 zu@&!QYN6G&aw%BeUte{;P*hp7OprjQSmUh?Ta2aQ)S2(?C(=HV(t3<(S}6%`GuT5^Hv2Tj{sirdc{gF;xQtQ;h}o;CQ^@yo#+S{v}!=$jN>1c z5t;epc)x;CU`fPkHU?Sx39_TB{GkOty>~VE9r2NMfmdrf8RPOO5Fdz%mYPiD*!#wh zU9bCw3D}2&VhJ#0szT6}F6kX6Bjp5{N%3W>Rx&$)B zbB+$UUx=+&H%}3c-{?>iB!E>sBbK$IIT?!z(;115=zGA5=ykYD`{;3+tE&*>Ebgaf zIWY*}BbrIjO(@?|!ZV2937bq|5o)b$OfdLtS4t?=UVw{!}qnb@8Sa08cT!2H&<~Rq{ z4%hnm2k9z~kj#qJ&zXq6V2%o14#slJVk7lh)p2<@_#Hc^KWDQ38lDZl*)mk0i^Utf zUSq#kqNAT4xIFy%!VV!r^dhWjizIc1;Db`!@EnmZ##&+P6Zn>lSQ;3Mz#H?Jq2iHr zKl{#T312Pvyz6j|B8n7-AcvWD~UGZ`=*febcHgEoN-+JJ;~ewCBfhPxI+`i_-TOq zDUedRW~v;|0r>U{5Hxh;j9--N{bUHK^b$`-dek;u+Gwq zV#7|UeGsy$?NE*`dsL}W0000t#Fi`R3XZqV7+)SpUgO{5nbZ&M%}}B!tfR-_2mt{K zx*_)q#$iS|4t?ORzUVp=^MEWvzEV^T|O2=aSKslV>V%VS0>t>Rjh39m2j>`5t z)YMHI0#|^2`Ko1K3qhpWZ(*I@tpPCz5}}^OREu$aPLzi$nW7!%`p^=uJdH1v9*@29 zwmJa%J|B^@0cOfya@`f_v48rD6)F)Az5KWZiKS5(EI@Jq-mHE2&$?#*~G)P7)EfA;g{T&Cl57!iyW!?7V1=9R8fLT~h7pHXbGjHl8B=0p7 zHZB+iND5JSm89<6Ki}`0RiPat(ZEg2kLl}v6qcvUPJSlFN04;L$`;~9FEf*D?=`1Z zrXi6%Y!53KKeHnxV84veDb$5+SRm}ao5F3(DyFgMy>MgLjLwr3-$;rj)|AP8-E6}i z(d5!e45O-%ri+v4a<54M11MfzKUBtVl#9W=fN^>yprD$+WFo;x{cNOC0Y?;==gS}V z1i1_7P7pb20T11s8c8gV9+M1FX&JkL zg2Q(U{y>H5?%{IaH~O?ri~rR9t$K|N!3%{*+oay>uc@zs#(CV%?yEu zGhSbVL}{jwHA1;lnr;ea!VWFwg>cax5{g7*R1cR2t@MxM_%_BG%9yO6~(K4N@W@TQQulUt}u6~ zl(NZ!EWN#w8?xm*jAv54RuHQJ?LQb6JN~!(t(b&@qod5!9+EZyfdOHH+60mYe~~Yo zS!;gi?=cci57rB9%OqboYQYUiPO`?P2iRQ3&rED5;RncfpI9ovAK9gCYf_Hx-VskY!QyOJ~ZbduGcso@I zkr*iXrC-0rX9Bs6D8AVeF_07vQ&-`bIwaPW3nO1*G4sd1+hWbI?nm)IZ;-&2=yABu zSIt&9I~xNm?E}UVaFlUl7jRY(Ev(*zf{qh=WVpqx$sXg2>W;Bnztn^UMm@t?Ly-{$ z@yGv)o5n|zevx1zc&~YQ;VsrN^c2Df$>K8#kVm^LEB23wB=GzKdh%8}wL&+Lv;|?7 zFqS2z;&aHy!S|5*ov6g#41YP8?%^7Hf2Y*)U?fFiGd-HC)xb@Drx(-NE@-n#xn zRmfdQUMTN}WJhIZT~8Yu+I>WYMqb%hdo zBkimtQ`h0&iaAyl2Nn0KaP*`C3o&K0d28jqdPwFdIUak_z$0r>ULHQflE8OSvQ#i4 z_Z4|}1nEP@gTWLs4?461&I9-st$M(g6^7xJf_a;cIpR77GZ?!`ZkyHWsJzAvH);-) zhdQ$(C3dFpIO}xfB)xiOltrZa&4eIED6&EvO8d7w%lPoOR=hxa>-&X(o7NFd%8LKT zft*B!000Cq2j89O7nIGQCVsTp3+))zLP5X{b42|&+Rry-i)pnsw#*5_8h7+HRYmEV zE|Ng3vP}IkX^M5A7R)37e9eDK1;C7jpdDvZlj!75G5vCHohsjDKjh!_7MaY;KuZM2 zx60pG`7ldiqS8f#+HYyzO4e>WMaSadyl_6i6U$m^Xlut+Ce?&M3hh zp>T>V1D-k)K+m!9GLlVE7D)RuJlj1BukL|su3}wEbvtxKa_j(EIY|03)*tAgY_Xg3 zhTeF$Hz{s($`6Mi?VZYVL*h9`5A-OLUh3`n-G&dPZuY4?p*TuqqsQb)xKpY3^87$mfw1@ zVzhD;0tKi?=0>)+N`CO%#Y&Nr)n}t~w|_*W-J#@DYppO}J71!Rg`r(oXD_M@mij|cs(4q+((S*dAY$6B7Fk~rTTdVS>9;yKfFzN--8!5UCmb~e6r-~}@5}3z z^qXQ@Z&X9}pF8=CT0{%pI^D=|ggU9CyG7$}5(qz-B`4AIZxnk?PXnelDJ*8!^Z;U@ zyB#8FFttQcHIlM8*JV!6kIurw>oe5XaB2lI0R}t z{Rk804i|^2iGpimUJ=4bRKn{s1l)~(hyK5dW9URsi1>*mnP$0Iow#zWp@%RsAbD00 z+#4wpzNWxe*(vzVkS1;3y?0h4vbqfLmOivNiOfz0cT!DvL}zA70KnMVVzik_qCEtT zI1>Lsew^iH7hOq(;}%UeKzOu<)|1bvi(7mgMb3<==y4LSo49|deMV2}s_8G!6IsEf zJmpjT6+tcH?h50P)t_9YO%~^Otd6WXCXr^!WP%52JNrTSY8e{*$O9%e9TtIFXQ(fj zPgL>>y#^22qr$EsE`^Jl17ps>Le9cR$;_RYIyiSa*^0$dFn^I8ox~w6dnC`W*QOg` zkxH4!W)|hFa;kc&xRK@q}e1-HeGDJBu!k0nlJd!yd>gC6G>&fb)!G0p&Q&)bjz{i%%>$21x- zspKa`Sv&OA(o0)MYS-mW@h~i#8eS@@ab6x>Duh_C`&BUc3W1a)X z3tXFm5k=N0ru<7KV&k-nj4dTaZ3c_sQvB|8Pg-&mhpoL>!~x^oedI|tJIX-6OPs_k zJ04eCkCq;#lb9Z9i{UsP3qe(-S~D{aEIE@{=(?L{p`XP}C48X-R*|q!ZOr&4usfpD zb+SHqH&v6a=U(wbV= z&Mr}i*)xMHlxkKT6L8fpE~*};(yHG8?JYZ5At$W~2>Em#Rdke8W5%eniU;ZhZ&+jp z5$2ArR+)1}^b{E9mG(0L9Gn|VNLpf&CPg1N#~WhWPfj9Wb&6r`X-s9<KU z)Sx19WL>QnU-Rp90wzmWk@4XusEdCPrIHNZ%jn)OMsq>=kOO=!?|TWIa+Pm$ zXBAbPmG+{C@q;t^^ib2VXs5Kk-ARc!vcc2UGC4mj@6)X`JPA`BdP1GhqtDbukxTc} z7>yFkb#!?RALuwZUuQ31F)<9R%mB`>xy)RH#O-VGSDhm)`;K zuW32ELNnx=FwsruliGo4IMXgt8`Veff&Q6j)PmGA`#rQ=E?Qq2GO}?2Zhq!JCXEC| z2MaQy%hjO{HdEpq3(kCCV_5!Y!>)!!sgX#L`Hc-f*6RMgEM9csg&Q{%%HFl58$E-5 zS996roY+gu=BRymq>-uW_m%PY{?)9cl##!NA#0S$d090Bu-*_ zD2IS?&z?}hCsG=#&SWz#uDXwH`YWBJp(rETPv4+Kp!^KB)dT(Uj2y1cbqcz09Fa&R zfPiQyFR9ru43CSB7AoH;@lfhS9I{;T2lZbZ%hUOp>FD-A3N8IvCCilYk>4CBfAV5= zk1#n94tn=|PF0Jq34N!$=*s;NW|r}Kcg*E3M9y8*VU9|FO(-=*tbyMy7`h|UY=Y&7 zuW=wU`J0v#V_3lLTV>p{r=sBam94^sH$@RmP=Y+_sR5OrOk%CacV}d9Zr2N#baK0& z4=gw09(D+Vw#BH4O{lND_LgarZ+ViWD4H)?gK*Uo2k=&`(nlhPzmjCL*jtRcr?Mrw z!gV7CKxs29kL@dl@Fc3Ka6(LF3m=_mJIAHNA<<&6K53sg<{y0FD(?lF!ZIdc zFDbArY&{IJoIFe}34olGT{iXR3jkh!*aPWUMG2u;846TluLvs}*;yMcI)x%&S}VQv z2m@?i%69Q_yS)C9fI0nMjl#nSh77jxqm5Nmw1ji*dKhz^zwYnqJ}lB%to6e@8ZvtQ z7j~#0o`Nz&V+?dbX)G-eP3KVCsf41+|6vMY(o_asPS>JU3!|z&9K+Lq_b?&hTUA(SIbrJaiVoUR zMT&)(g34rs^Pfu>kibX)(FO>>)0&jF-yuMBd~F0#$07Q zbXjU-8nXE>D;=HUfRgRX? zix6O|Rh8=md8ZJDbFcvR^Y6Zm(d2Wus1pw0QAOl4>=Io$t`%X`cUUi~R+u0vbexLz zH{5rt8Lqd(pr3-AvvDGS7oyKnkx*oNEA!k2aG1u1I;n9AGkqY)K3%%C5AfUc9>oZ>3W?XuE%ySBknZG zXQ_xhUJ<`DJD8%NRtdZT`|g>kO=?wdgH*@>*LGS^V17g~rk_KnfC0s{4b|^TQGDQ?3=?~K*+e_h z&Tg4r6ljgWm zb?!b6a#o&{vRa%*;l#stnuvQ)`{qax9OYpXC~4V>2H|{hty8hRCDd^tf05th;#4Qq zz#E2kOHhX+U4L*5t~R0+Dfz2Bu|enU4HP?O$sM)f%$H|!i{SexvGN<~^4a8D_`!Uo zp|Gn321e;Z&{YZyQI9$s%9Nm{4u6BDAW1Dn4LG2|El71OxpgCiyNU)`Xit~6C#@m= zT`r;@MBNZ@LOt6QICgczv$*8pn)Zl@-mvS`qvE6U$q6@RUkF z6^}$2K~EQV(H2`HQ`M$U6zV`t$XkRi-Fr1bx{~?Er<&ekdR(94N*wXTDE)fROxiasxXY7CWK~UXS*cfSK5tlZ0$m zQYoF04E{>9eQ4vhCX-vF5*$`yXFjVYGDLW{ACtq1HSZ=V(Je-x3`eSeNgYhylne-M zWr3%Y0HXU}m$owP_^m_}Q5T3d5nWXcMunSRQZ!`vkyma6Iy*sO+D{%CgCXTuLTK?%u<=}1;= zLk?87ccS5L&vKp-43pYpK?2F7=UR0zXIj|8jA0R7N&Bq%GINON=#g25+xaK_ZOi zjAgc|`&B`ev#lgg2MfvE94PcedJaQ;I0zmEkK#De*gDDN{n0_>zta25%zo^I`~mO`qM%n9fSb;wD%#WGBP7d)}`u ztM!#(SQ(*}c_XF9Mb{ey7urm`tVb>=eI;EhYOD*cr!RV@=KymyH(W-EjH6UXA5y`J z`5?27gUa8zJPz^;wtve9Bg}wkj;Vqu<+0{P;RAQ!CZc?%hL+vG1>RR+MZr%gb zqyMSuge&~z3C8j_i%__F@U5bE^jvZlCjPj!M2I4Qu6b=hYQBtE8?lhBf$oqCH+=8e zK!`hGG;c+w8(&LzFsY{4=V&VP<5QXhnxiL(?OiGG;UD!Tk#L@MNAfjh<`S;e2)km2 z<7(|o;6h-Zi}}cJCG)gG)pe1d%kVq7VEdjcoQ)V(LGqb>0n^U(3Y`gw7*=QE|UFE>k9E8-!Wlj@cn+^8V{?HW&Ark6` z9^GiUIcrrk-u&$z=@E@cVm7aJCmPm3> zg4lV}u38tTg(_7S0Ad~?#Z^57A+HkJXtbj;+T>yL&JcDm+1WOOBh>0x1>Cq*``jZM z9D>C7r3GC;AY2LfrsWvypo+n@(@apAmMu)#@wvy6H)?~-MY@|n$cW<=HcvY|r~M?_ zAz=DUk*u)*=Y9Jdrbv70YvO4AS_&)JX!cvYzREx*y{LXBWMW@D)l-F_o17ruc;b~D zO%EAN(|tfHKYfMb@PV5zu(*Z`%jL&TwPN9(+s}c$e~p<)xL&yAWfb|xkAsl&9wUP} z)oRl$?v2tPY*O@$4XM}=l78j8pRj&JAGGleW-6;BGuV$ivpuL`fP**XEy;~>?0Uzb zASR;W{eU3{IjUp|_NkmWzkT)>p+6ar5gV`}Kt-h&6NDj#Q}n~Z zXvL<_g)AqUbAbNq-DhS`f2x*a(aTfz*IzDCpo@g?A~hDpf9&8ydu$ zNo#b4H)fToz5m!7qCg+@pZuV}DzU+(Z_ddZ@6N?0J0}>pNkIQ$3a<``aOy!WXXgff zd?!jKsro?1rKuyUZIU%Bl6)pznDMg-zn(ympf}1OZhl%ns0C%K;2^f^Q|@x_K~;7; zzwu{{zbRa*o?_VW`ck>3phM6bOeBLQu_%3Z9{!T(@mR;4BcxR#Rv>VckfWw$=jnJ!qgpsg(Kk3}| zUQf5Y)>W56i$6S&7sLZf4e6WHRz`dv&6}7MI$H4i1xWP%xx zQN#HLV$q6n)Cqj`#c@&dOF)COzzVed-+-NQi4kA`GW6DBt*KgU>Hfj z_x3Y60l$?@qhu+>He>B3QPu^T)frEOL-sFjbE0A%tQK6C11lZ8*D^TG6?f>byqII} z5E|MvH`6LHoW&MLcoNrcNjeOp@}8XMo2shoje$&7I3cn~@NkJ}Rmk)Nu56}w;fOZ% z<^V%dD@sOeg>6Ub|5GynaC1(!jse^FJN7=ktp^7omXWeB9~p>MMT(NN*LYbu`J>`- zLd+NbmW?%6MMH1D2tq9$N5u7DW@+%DvOjUwN$JJ1o>v1}WmvuCU?qOBO zI8l7C(6FoShb!sf385Oir~ryDkr%!Cs-tCjy23LWJ;1DQ% zM;AP$&Zaw~UEV z=)PG@BRe=^K6)%04N|;p;1h1I(HP&neU3u^JXpZF^QIQ$s|qN!ox4r_kQ5KD~th;M5!;tg9VZuyHddqNF`-y^Yk{+!ioAi zumZh*DB#l*+a|47R~12=QKEJw@C!qW-Hpw@J|1rVSe6k90O0Sbwy!lR@f$8(8MhPvx1*V{o;c%8B3`&5A1r#0)sbV0D~rNrcB;N5^W;d1_p0!Vg) zDY##%`~vC2N)$NEY?f}qluHFv?y!yY)l&!+-v(l<1Zw9F%R=3e!DFQDoOTw1??k20w;PD3&GWpu~{lYp-=hy1$ z9<9FbGU_i??g1u3;TD~O9o$T5IcouW?~8$ZZA%(%&;6$ie`Tg+bKg}bQ!ZFcu)qIL z&Un_Rlq(3nswDk*uU)r8!y+*@%8MZ&G|OKX%h-4;4U#(TL64kzH6Ghn)Syv6{e(~R+P;M=2 zYq$Y1PS-3;^KMH$QQ6FehCsEwSA&PNku6Rs_kX8G*Rb|seXaYchm5{7^Z_hhT#JP$ zO~DK`Eo^t8p591UwzJIY@#lTA5h22j@;@y%wb~&mZcb}S&p}j;m)CyG&dj0{ z6NG5lE};XD0S}n!`#dE=a)ACQqB>6&auk=3St-QjI(pKO6qxfDsxNRo1PBHWNPLR5 z44NRo&T~%;959zuLJAl*eW?f6z#h%PA?9i#B>dSn0Srg#Hi~|YePigiNw$t!!xlj7ZeQ42 zCybzBC8XF~R;P$UnNJo7J+j3wY~7Qz-qY_2vY!wEfQ_I&2)c=hz+foQi8xK}Sha#; zk&O+%KZDybvnC-~wc5=Io+(2QL=W$E4Z*GMK}4h!PU2wApVIVow45)E(ZeU~c+ za*?%TR8(8U8|*T?scu(No6G^?Q)C&hrs#?uKweTPs{$YVR6&I1(X3>^`F*ljZ0eSk zv?{XA{?amop>>TgcNVC-LqYSX^Oxsxt+rZw-}{}$=Ix8e9RGJTO&m-NX}rv zrJr(s#d_z^wxc1y%tGd7G9RDM*#Cd}1#HhHN5#MBVH6`h_)fjtJHc7GsLtEzs3uPM ztH{KhB~E?$$Lg&g{T;DSoA(TO!%6Kku?3C_N_@mklaWHJk#XB0hb)55Ys#}X|HyKR zk9;#Q1Xx{VJc7DZZmubFs_jzNAg7!Ps?UW52QDfK`o20Sv9>IFEQG%?JL0M0dc2R% zsS{WN9P$8?@2+Kp3lfh0TJok;KyvO_l`GK0r2SE~kza8U!c_Iuegu~cVu5*W9sB4x z;}2?n_tp{$%>v9Z2-o~SbY#qT#0xlHC!{&@EUnQz%`E|=VwvLD)HCSmzrWiCo)Xuq z;Wy*L1hg=msss0K0km=%o=K7yQq)Gk$=R3}rFfk!69wf7ex!{h14ZLLZz9T$jx%*d z@z(oR9UqLtlMwDcjLsQYO^ukf;ZfuChnr0$Omnh1Rzp8~#c2>U-D@RbW7 zj)V7po4H(0wC);%47H>>Sw69*B(^5f$o%;!L{d%5F3GrRcV`uEQ*V#HD* zVoZz>L4BGd61u&@_CNyMCM~vp02=Fk(40#83XNmGM3qbe%V1f8MYiI1>;uZL&1WCE zU9JQmL~M8+R`dfBcK&cFo6rV=-JmxZQ{sOuacHTBd@LylCJc9kEZIT>CnQFC%DBiI z`LH7>x`{r}cMTF%EFlv;c*rt56xRTxT zWB2*BMBUb%clgB`R#F3^E#^(wr&)>z(O6X=NUs#cVGWHh51_|a*f|OHG9(CfY9t)5 z@S!}H=^FE|l{}zM79BOIP(s+qV6xHyN8|B*QnczQ4iZKfrfJR&a_uZF;L7t9(O&Bz zN1i!Xz^zQ_RE#y1epB~@O#49E#b&P?jQ%I@vCXj83AmQ1Mn%4l>p#wjmf zuSgh@iye3(p)ElX`dn4bG?Qr$x?>CzDzQ1slQRL+AmG&#b&0HSSCsK>j%iJUmb=du z=f2;RNa4d*>MtF(%`&BuZjZ_8qEX%(Wcc-+HLKtey5U4s|h`dFY#6z++72N*~ zE$+N^22s>S=`{>?+T}hj*w_6YicXe|AS1(|VQR)Z@RhTWMUsHKT27bwbPM#1Z|w-m*8tV?`I+kACZmbd1qujWxXQSLQRW%84@p%>CazMofz8P z)CZ@Y322KQ8d&CdeVXN<4DG&M4zps~I<2(wr%AXnpZwKTsDjo*JLgXZ05Nd6bc9kn zdnKLx9HYs7W9lgr0uY?61SgF#2=jGTw^b;O*!SX?>_`U-k7G0(hA-xYJp<)?dZN>01F(|bCpkn3E*eVQ4 z!|NB2=9iY-d=|u}!ndmla0J2>T78mg$W5JM(y9n%P(&Q#_fbsEv>pPYEYti0zimzM zA?n_D^BU?Z!mTEb-eq7&f|;iB-G8ozev=FHM+1>i-V{@FIVJPc^*1YJqLSld4W7rVwCC|K{s3zyZT z+u)#S^2Kq$eZ;j93hCvIYHLlI`4Qf(!`kNwBp$#4#&U{Nt(u5^O3KrIKufL8CqPeX z5*!uI=>)IpHQ*_EFt!ga4gwMGvX6JmUP)&Hg))2t431b{&Pwg4R8mo6Y0k#QZbVkY z=;m!uDwO#S32s$jV-Z&+K}*rz+L$6074y5Iac%ZeHGT3|T4UTk6JF%*mO!vfhs?be z6&7|wy=z-`&}fdQIcF!I6J`F8`Ks43QqzLOrAV9v?|qqJ>Fv9WAvF+{bb6BtEgh53 z-4%){Zt%d4Na^aK%li{XYvAD3%(x<452}Y@8F!~~6rr2$qZRY_nZ~!^`m0Lo_!)7> zk4@|CLt&W*7X?W~zbWd{aj%Zim zR0J$r(mf|AtQeX|Gq$YFLlfq0n5RY0)lhE)yn~m|ij!-lGT%SxyKXAfQ@zPg5PF5- z3S;^Z2`5w}wIBjX%zhbb?m~R2%BYaFZ!QqO)k&bxq~F28sdKMna%B1<`f+_2e?8AD zfrxi0f~C^PP9V132FnI6gOn%dzCsQ|1-`f^j&Nho6pj$kOU9X$ma?Caz+jxIE#)Q3 zD3Z=cl|0{5dPtc>b1U`H)`9wtckv#@@8&Twfv;MP@qTFdX4npBFQmw2A{EewtTryW z>tN|?NXXfTK#hg?lW=LNqjuT7()=d8z>oMhk31u)=@E>7Z+{L8sA$0No2iHfU_A^Emzz?bk;5JQw3ay# z+i%D?BS+X0b-U*`Q-Fj zjRsUS&WNLv^{RY9`%PIz-)5ZqH4G9HF+5{K4t@ahYKomSmO-0QN4EvC`}8&$3jP`iS%NAw1(&SQpFkN8tf4pSIKViFht>cSpdXfg|BB zW*dV<-A-||DdlRM?L94x!9`KU>q8fv!?_nv0M=iauF*!kL|Io)vWQf|+Mogpgv7MR zs4(_*1F7z0@(i-jH_$MsJ%n!iElz$;>gi9_D>2YtGPRB3nHF&LV(o|P1{^bZJ+;O0 zd{fQD+HU~>v>SS^d2%wIPZ_W8MwAG6FtoB<0;w9yG#C$8j5j)}LSE|znaUSua8#E# zwF4$xps+O8S(14MMGRXWbP^z{Me@v-5xr!)1b8V|Fw%^L(<(o=2t$J{n6w*9nnFw( z`YZhBnps$~j1H7d`zyX;i$fG(0zi`UkN+vNvCm!;-^W6;0;wT+bec+%*ZA1k`0`x* zb854+t*PS?c25;)l!6!S@OrWOw84S@OqXKp#q0j79rH+~=M` z1Y?064%CUAf<^+cj-;6=)?ouGcf;>T@hgla+e-@UelI`CC#MXaoIOq zBC(b|50(s(YtWoL?Cq~~f}5Jyst{L{J(BOq1 zyH1b+aAG607Hml-0@ilq-Hl{mwR&X6>&0tnerNN!DB4<64 z4(nI((4zkJMLOH@!oUxRYSuQR_w)BD;2X;Ll|+AyT!MG#+f3>&2T?s@zHIIzH`p^* zZprZcL{a)sk>)ACo_+>qm~eJ}x6EaTAbyqHMerOD%2YmLE{7hw<2@6Tk>~imxXLtP zhxxoAK>Y6hD@tZt4nQ$!Jf?)+K9$Z5nP*5DpOmnli?OrjM*Z7nGU?(QIy)XyaT>_$ zc?CsYt&iePN^@9N?%NUz35GRTT8_*!XgB$vW8M#O@nJx)@P?zWiG}@{r)yLxUb&wc9?!iKO6 zk~6fj29@%|(z`(Ms4?Z6(ykue+0CYPRx@<5eP|JPBd;OMDMOKYIG3c$uHXg+qsRJg zVDEmck+x`xw!ESWmc|c#K|b1&P*fm*%`rRqHbEG~7Ghb?%&e&|EM%JYAP?JRbmKh) zGth{+y1xbpQd=IfXVR{+ z2#RjF^+3d4JAO89h`qK+dDqdTi}TEwAiAb%_s=^T^s(qfVuwK3-2h^|kVCYOpcPNJ z)J+%w|6*5^L{v$XCxUzj2ul)-@}O+EG5h{*xVT5k28ln6%>GjZQ~ZEqF5 z?LB@$>VNRzotDk;SdvR+!VB0216A`hgNkJ|a5%7(GIUP;@&)#zT`E;#u7K9&Iw*tG zty4QY&4D!iudX|3ERHqy&HrnpEHkmUI*j67ARI?1BeMlQmy0Z>b8W`R@1AW+bXXy$ zErMHre-Sd-PJ|;l6`g1(H2*5`_yv}@O?$ZD*&2imKd1CPl|u-APniB!mN0rcawB&p z+N4~15yXDUD>9{TzJld&QW!T*S6YS%2G(lkl9P{SC^$=hea&W(AiFXP12Rdlr-@t@ zY76kDD7}N-@AM4=OK-xu^M?!CJJdd!Ai;-aF^o2A&=;Vvxo&wUuCX1m$Dwf3p@d-)Ug4dO6yN9-4UasaXz0QW zRYZj;rwiwr)b@a?k-VB-w3D*(q6zOdE)_} z-hL^SJx74qWnPN&5r2-r3c^%DqjFe%{o=azCITk5L$j>0^X);&fq6`!w*vn4qy(go z#Wj-+553}KO1#u#@MfZL?7GqLXbRArt4(HY-0j2nZzP~2aM<6HJey6QjT)^1-Mk2) zk>V*i1Jwi|)IySY{!U6B&GudvUUbqJY+Ltjl+%kuk^`Via$}TaSd^GYxKlIh=xUY! zSTd^Wr-#a?0>f%}TL_Vq_?9 z3!SMHnL?qh>Q|vriDJDu(WgB=>3{B{BbMQ0zroi>O!2q<%#^mccE>zBi-|9N?} znVQY$$2SZ47BM>dpFIL;=uRVC`1fTmCcDE9rw49}>bIXyvDBYc!y2QRKL6xF_}(3( z;((9Z3L8zvICXe2fD>1KvC0G8a15~LuT*V66A^?{4uz|w=;C=nFbg! zwYvaF)AW$$`+{|m?Sow;A^NM)Hg3XCGp=N$YY~vE$reo%78#yKO{^ol zxbr#wSkVE($lNj_`%u~rSiB@15xdoJo?At994!YtrurCmk-v;G&bsU*x zujqp!Jfw(_2^DGgV+NM*nV9H3!{n2(Bx5HHMMyXQa)QG$HX9d#qP%-z= zB~&&8|C=OJWvb_Fk}(Bp$A&8B`dF~CevoS9?v9;aGlV#J)SFa*ZbWsinbwnR5(YK5sKUSG-@IXZyK*$$A1r<$-o9ABXvhm zaw;SxT@f<~!-bGokwe{2ehIMp7-%MVhnm`rz0FJFy?JPseKTT644a!;73%qhL#)ZN zNCT%9I79KU2{Dpf$l+_ z+pCxF9)v9uewqj>`E?I%nVV7E?orXr&Qg1144KGd@e@up$7Y1riB*|4;>c6C99u#y z4}|+$4{)I@&fK|$lb<0M>%Y+J!^xR#r5pH$ECY0y>emQ!@mtWNR>MhZY?Bd$w=Pg< zkTs&86*;QZ_A{4|v)%oJlQjV&x4^s{eMaJKiHs?s`OA9$|GFq>#!3^mwX-uOuQLF- z5xlord}Wym0EATzqD2L`P&8bLZv^PJ-o(;D=-MU%_!^q;y;Z{=6|{VqO{+(km)40h zwUtwA?K@Uj@TYk(pSdVzFgH3%8)Ir*~i|Mw)+O834ky^A27= z`J1(63y%-d{sMMJ2@mY;;-FvbtClK24ol}!gt)uq{JWBZ8r>Nb<6mykyC_h|K}?}p zMDsZL%Zxf*g4Tm1>mEl%<89l4N&YXh+@(m6q@lb-3>C_w&A9sV@v#F#@uwl4)t%|+ z$a@{@c5*sO4Sf2hGw-ZPDx zG{g&>(-}be(>RNV;m{i(n>hUTL%??Do3(-~N8sP>eym(G=&4E-OBbGDOvXBqTM>wI z!UIiWFe~4Jd<4ht`Bq(G7KE^d2w<9IgRKPx3g3jH#UJpcAn+Yi5#^h+KkAukHC`_* zA0+O8_QJbCa|keSh+si!A2E6#S2GoE*KW9Vru}Ml;vl_n>F~gYwHH?Hgz4lb3e#GX z`4B+HLEaf5^3NAfSiP*VY&EvJtbrkHe0m68;HQ*dwk~o%Qs&1+ZwpPm1nnX|@>1Lv zi%1rb{9xn0l&K=@GkV?Z;rPu&Q2R$pxhn`K%BD(vkb$6#3;ai>VAR7swGzP_i4%k) z`qn!_)SAq#_?AvWT1iY=2;iG50Sl6>h-L-juOaxqt<<{}5zjyz(iU43ahrO*;r5B) z)0uw`vNa(~llZQ^J^CokSKxN;t8z`LXPU2`rNe~GeT>4!Mlp`F{wf+85$W9j++*a! zyt-_pMmcln0@C_p_m^4}C#+52GW2*yB2;_pjc>c zfzEe^77z_0nL&Qc&p#EwXo^PBwWMOuw$|@@b8a;Qjp+mv9xT3af*8j6P{6N&eo4v) zKtxK?{#1y1%+h<)VeE40_NjDbJyz5!fLx=s^Nre{?mVx22LVyin?zk49#uk#s7r~^ z^uTThKTjM3zykDNgosX8p1iDNFhW5rkG=tXs7soG!nlbBJKMs~nag`_7gV`X&<0-S zP)Ec-g$L2LGSjjm1Lm~`t%pUZE5uG;Kb<4@BWr(zQWTwx|HloPEsw8$R%^hHGj~ZE z^{#sOf#bWL)iOVv6DFmRoxx&oSebLuIo*~Ml!kU6@)ilXOOnU&CVMtba)qsfs+Aa) z-*=!T=YBUi?7ekg((@zEo1ET^!yA?aPFAQL|6^X7-i+;U?$#Th3o)!HXO5}>QFCY% z6NZoTRA293ItPdR;wmqUbAQq`E|A3M=XIl=ytd&_vA-<)D1((Sm}CjcXt?yk^3c0Z zR>NHFaaTb7G659*_OD&_3@9OaWI27@`~xKSr2H3;Xu3+%?CS3nMS#s_)(Q80g-F@- zj))r64A2(Hy7%0BX3=f`@mg<2-i?bg_QPI|eXE2lvzV5s24 zJNTcy|Hu~bfp;+-2n(9JPwt=Vx-7)!{S20;%HNs66c^ribL`rc?9R99 zBM*^UT< AIO - + From bc92ebc65c561c093c49d4e25fc7f0ba0af3f6ba Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 18 Sep 2025 09:32:57 +0000 Subject: [PATCH 0567/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index e406a494..f089c598 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.7.0 +version: 11.8.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 7a103567..40344921 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index c3e022fa..6cfc7167 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index f49da097..417a1884 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -28,14 +28,14 @@ spec: - name: TZ value: "{{ .Values.TIMEZONE }}" - name: aliasgroup1 - value: https://{{ .Values.NC_DOMAIN }}:443 + value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973 - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 5edd6701..58fcab24 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 663e3438..657a5f98 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 61ad3e5c..a13e5d4e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 6d93dd7d..224e82a2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index eabd0372..eb744159 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index e94a1a93..14244671 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 8cb961ed..b7433541 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index d3b8ee2a..96617fe3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index d54a6376..a112e45f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 9729c473..72b60f18 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250905_100617 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027 readinessProbe: exec: command: From 5b76d6fac6e105db43700a5bd84a410f7f854148 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 18 Sep 2025 11:44:22 +0200 Subject: [PATCH 0568/1064] increase to 11.9.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index e686e3a8..aa9b30c3 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@

    -

    Nextcloud AIO v11.8.0

    +

    Nextcloud AIO v11.9.0

    {# Add 2nd tab warning #} From d937739ef0c05ff73f865dfd7ce98c137897fbaf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 04:20:39 +0000 Subject: [PATCH 0569/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.3 to 8.19.4. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index ff683d33..289722ea 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.3 +FROM elasticsearch:8.19.4 USER root From caaf45143d421150c56ec689f3654cc63cd18e2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Sep 2025 12:16:59 +0000 Subject: [PATCH 0570/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.4 to 2.35.5. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/ec406be512d7077f68eed36e63f4d91bc006edc4...bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.35.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index cb3eb33d..e6205d4e 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 1beac885..81ada6da 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 62aea81e..d2bccbd5 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v5 - name: Set up php - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index a35394aa..67618422 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v5 - name: Set up php - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index ea70f8e8..3fcdae12 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.1.1 - name: Set up php - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 93c4b572..107edc8b 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v5 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: 8.4 extensions: apcu From 2324666591949a48fe15e731a24b5e08bf24c946 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Sep 2025 04:20:34 +0000 Subject: [PATCH 0571/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.11.9-scratch to 2.12.0-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.0-scratch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 88a9cd1e..ecc0e422 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.11.9-scratch AS nats +FROM nats:2.12.0-scratch AS nats FROM eturnal/eturnal:1.12.1 AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.1 AS janus From 21c62125f18a8c366f9ba969aae348de993bc6dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 04:23:39 +0000 Subject: [PATCH 0572/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.4-alpine to 3.2.5-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.5-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 094d3fd5..24a1f298 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.4-alpine +FROM haproxy:3.2.5-alpine # hadolint ignore=DL3002 USER root From 68317a1eb3cb0583b36d131ba1ff7c983159ef13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 04:24:33 +0000 Subject: [PATCH 0573/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.2.0 to v1.2.1. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 43f1ad90..680a59d0 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.0 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1 USER root RUN set -ex; \ From 456a06d968f69dd279327deb5bee959fc96bff18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 12:18:30 +0000 Subject: [PATCH 0574/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/bff843227669a0c34c7f791ebd53a4b7c2a3febd...858c58d647eeb05b1725a96ae3fc290230321af3) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 0ab37267..56854ed4 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v5 - name: Turnstyle - uses: softprops/turnstyle@bff843227669a0c34c7f791ebd53a4b7c2a3febd # v2 + uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2 with: continue-after-seconds: 180 env: From 37132d805e2e2c0514300d15fd12f43fb2735d69 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 25 Sep 2025 15:10:41 +0200 Subject: [PATCH 0575/1064] add recommendation to use orbstack on macOS Signed-off-by: Simon L. --- readme.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 4c0712aa..7331353f 100644 --- a/readme.md +++ b/readme.md @@ -523,7 +523,11 @@ The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which ## Guides ### How to run AIO on macOS? -On macOS, there is only one thing different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux. + +> [!NOTE] +> On macOS, it is recommended to use OrbStack instead of Docker Desktop which has much better compatibility with docker for Linux compared to Docker Desktop. See https://orbstack.dev/ + +Generally, on macOS, there is only one thing different for the docker run command in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/) (and don't forget to [enable ipv6](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) if you should need that). Apart from that it should work and behave the same like on Linux. Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. From 4b0c78376d995fb8f236c4125ac9732e32aebeac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Sep 2025 04:22:54 +0000 Subject: [PATCH 0576/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.5.2.1 to 25.04.5.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.5.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 6438a186..536bec37 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.5.2.1 +FROM collabora/code:25.04.5.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 4ab852204febf68a70c7c0321a2cddcc76c53fe5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Sep 2025 04:23:15 +0000 Subject: [PATCH 0577/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.12-fpm-alpine3.22 to 8.4.13-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.13-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index cdf31a52..58248890 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.4.0-cli AS docker FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile -FROM php:8.4.12-fpm-alpine3.22 +FROM php:8.4.13-fpm-alpine3.22 EXPOSE 80 EXPOSE 8080 From b692c1d04988a3c4473b276e9d4aeec28195fab7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 26 Sep 2025 10:19:30 +0200 Subject: [PATCH 0578/1064] nextcloud: allow to define postgres root cert during install Signed-off-by: Simon L. --- Containers/nextcloud/config/postgres.config.php | 9 +++++++++ Containers/nextcloud/entrypoint.sh | 6 ++++++ Containers/notify-push/start.sh | 7 ++++++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 Containers/nextcloud/config/postgres.config.php diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php new file mode 100644 index 00000000..38f980fe --- /dev/null +++ b/Containers/nextcloud/config/postgres.config.php @@ -0,0 +1,9 @@ + array( + 'mode' => 'verify-ca', + 'rootcert' => '/var/www/html/data/certificates/POSTGRES', + ), + ); +} diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 25d549e0..1e0ada44 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -241,6 +241,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then ); DATADIR_PERMISSION_CONF + # Write out postgres root cert + if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then + mkdir /var/www/html/data/certificates + echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" + fi + echo "Installing with $DATABASE_TYPE database" # Set a default value for POSTGRES_PORT if [ -z "$POSTGRES_PORT" ]; then diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index e1bbf974..859c6309 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -66,8 +66,13 @@ if [ "$POSTGRES_USER" = nextcloud ]; then export POSTGRES_USER fi +# Postgres root cert +if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then + POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" +fi + # Set sensitive values as env -export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" +export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it From 19b1469d85efb0998836e7ae9ae7d0da54c7ece9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 26 Sep 2025 11:38:14 +0200 Subject: [PATCH 0579/1064] nextcloud-s3-config: allow multibucket config Signed-off-by: Simon L. --- Containers/nextcloud/config/s3.config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index cd08f7fc..99999668 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -4,8 +4,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE'); $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH'); $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE'); + $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET'); $CONFIG = array( - 'objectstore' => array( + $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array( 'class' => '\OC\Files\ObjectStore\S3', 'arguments' => array( 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), From f3c666df9af8280092051dd9e1b6a984021541b6 Mon Sep 17 00:00:00 2001 From: Josh Date: Fri, 26 Sep 2025 15:53:28 -0400 Subject: [PATCH 0580/1064] fix: unify default initialization of s3 autocreate and use_ssl Unify with micro-services image fix: nextcloud/docker#2309 Signed-off-by: Josh --- Containers/nextcloud/config/s3.config.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index cd08f7fc..79113e6d 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -16,8 +16,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { 'port' => getenv('OBJECTSTORE_S3_PORT') ?: '', 'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '', 'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:", - 'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true, - 'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true, + 'autocreate' => strtolower($autocreate) !== 'false', + 'use_ssl' => strtolower($use_ssl) !== 'false', // required for some non Amazon S3 implementations 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', // required for older protocol versions @@ -31,3 +31,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; } } + From cc1933b51f3f9eec92134cfa56b435ff32fb0581 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sat, 27 Sep 2025 08:18:03 +0000 Subject: [PATCH 0581/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index f089c598..03627c26 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.8.0 +version: 11.9.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 40344921..992e66de 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 6cfc7167..2e9ccb95 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 417a1884..07f09220 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 58fcab24..abfa8b01 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 657a5f98..9dcc9d63 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index a13e5d4e..5e54704c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 224e82a2..1644464c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index eb744159..799e4390 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 14244671..820e6842 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index b7433541..015da80f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 96617fe3..bb6f2a1c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index a112e45f..d59c60c0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 72b60f18..804c5d2d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250918_093027 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431 readinessProbe: exec: command: From f8cc109b7e1c2dc12e4319c79fc55e89dd256932 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sat, 27 Sep 2025 12:26:56 +0200 Subject: [PATCH 0582/1064] Change ui_secret to use LLDAP_LDAP_USER_PASS Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/lldap/lldap.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/lldap/lldap.json b/community-containers/lldap/lldap.json index 8f7fba88..32f8e7ec 100644 --- a/community-containers/lldap/lldap.json +++ b/community-containers/lldap/lldap.json @@ -27,7 +27,7 @@ "LLDAP_JWT_SECRET", "LLDAP_LDAP_USER_PASS" ], - "ui_secret": "LLDAP_JWT_SECRET", + "ui_secret": "LLDAP_LDAP_USER_PASS", "volumes": [ { "source": "nextcloud_aio_lldap", From 25c80f470bcfaf60e8a400c3f4a5b58f2e8a6d2f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sun, 28 Sep 2025 12:03:19 +0000 Subject: [PATCH 0583/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 34e3534b..bb81d695 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.4", + "version": "v2.0.5", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841" + "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b352cf0534aa1ae6b4d825d1e762e35d43f8a841", - "reference": "b352cf0534aa1ae6b4d825d1e762e35d43f8a841", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed", + "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed", "shasum": "" }, "require": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-03-19T13:51:03+00:00" + "time": "2025-09-22T17:29:40+00:00" }, { "name": "nikic/fast-route", @@ -3883,16 +3883,16 @@ }, { "name": "symfony/console", - "version": "v6.4.25", + "version": "v6.4.26", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae" + "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/273fd29ff30ba0a88ca5fb83f7cf1ab69306adae", - "reference": "273fd29ff30ba0a88ca5fb83f7cf1ab69306adae", + "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f", + "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f", "shasum": "" }, "require": { @@ -3957,7 +3957,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.25" + "source": "https://github.com/symfony/console/tree/v6.4.26" }, "funding": [ { @@ -3977,7 +3977,7 @@ "type": "tidelift" } ], - "time": "2025-08-22T10:21:53+00:00" + "time": "2025-09-26T12:13:46+00:00" }, { "name": "symfony/filesystem", @@ -4449,16 +4449,16 @@ }, { "name": "symfony/string", - "version": "v7.3.3", + "version": "v7.3.4", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c" + "reference": "f96476035142921000338bad71e5247fbc138872" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/17a426cce5fd1f0901fefa9b2a490d0038fd3c9c", - "reference": "17a426cce5fd1f0901fefa9b2a490d0038fd3c9c", + "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872", + "reference": "f96476035142921000338bad71e5247fbc138872", "shasum": "" }, "require": { @@ -4473,7 +4473,6 @@ }, "require-dev": { "symfony/emoji": "^7.1", - "symfony/error-handler": "^6.4|^7.0", "symfony/http-client": "^6.4|^7.0", "symfony/intl": "^6.4|^7.0", "symfony/translation-contracts": "^2.5|^3.0", @@ -4516,7 +4515,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.3.3" + "source": "https://github.com/symfony/string/tree/v7.3.4" }, "funding": [ { @@ -4536,7 +4535,7 @@ "type": "tidelift" } ], - "time": "2025-08-25T06:35:40+00:00" + "time": "2025-09-11T14:36:48+00:00" }, { "name": "vimeo/psalm", From b77af1a2f85f6de9d727d05dbe1b3267d58e0052 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20M=C3=BCller?= <28591861+alexanderdd@users.noreply.github.com> Date: Sun, 28 Sep 2025 14:10:59 -0500 Subject: [PATCH 0584/1064] add comment about possibility of migration AIO->VM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Alexander Müller <28591861+alexanderdd@users.noreply.github.com> --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 4c0712aa..6fa95704 100644 --- a/readme.md +++ b/readme.md @@ -52,7 +52,7 @@ Included are: - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive) - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap) -- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md) +- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible. - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban) - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin) - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server) From d5761aa52bbc4dd1fe0aefe18b2a7803d37f1c76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Sep 2025 04:34:41 +0000 Subject: [PATCH 0585/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.25-fpm-alpine3.22 to 8.3.26-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.26-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 1955ab2f..0ae91b63 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.25-fpm-alpine3.22 +FROM php:8.3.26-fpm-alpine3.22 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From 7a5d3e7ec8428bec549410da64e47b7ef8d58f17 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 26 Sep 2025 11:47:49 +0200 Subject: [PATCH 0586/1064] nextcloud-entrypoint: allow to configreav_blocklisted_directories Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 25d549e0..cdd0f6eb 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -814,6 +814,9 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE" php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE" php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log" + if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then + php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES" + fi fi else if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then From 7c1cc4c2dd5f34d9dd0024a732cafcbe1f5443a6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 28 Sep 2025 07:41:34 +0200 Subject: [PATCH 0587/1064] talk: update eturnal image tag to use alpine image Signed-off-by: Simon L. --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index ecc0e422..7067c72e 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest FROM nats:2.12.0-scratch AS nats -FROM eturnal/eturnal:1.12.1 AS eturnal +FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.1 AS janus From dbcd5d8955f7d375a5abbb0e410fbfb09cd52bec Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 29 Sep 2025 11:15:53 +0200 Subject: [PATCH 0588/1064] also adjust `use_path_style` and `legacy_auth` Signed-off-by: Simon L. --- Containers/nextcloud/config/s3.config.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index 79113e6d..a56ce04b 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -19,9 +19,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { 'autocreate' => strtolower($autocreate) !== 'false', 'use_ssl' => strtolower($use_ssl) !== 'false', // required for some non Amazon S3 implementations - 'use_path_style' => $use_path == true && strtolower($use_path) !== 'false', + 'use_path_style' => strtolower($use_path) === 'true', // required for older protocol versions - 'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false' + 'legacy_auth' => strtolower($use_legacyauth) === 'true' ) ) ); @@ -31,4 +31,3 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key; } } - From fa06f1c425dae052c1b7a0ed42497490fb16925b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 29 Sep 2025 12:11:50 +0200 Subject: [PATCH 0589/1064] delete caddy locks if existing on startup Signed-off-by: Simon L. --- Containers/apache/start.sh | 5 +++++ Containers/mastercontainer/start.sh | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh index 5a85aa08..02a2f2ad 100644 --- a/Containers/apache/start.sh +++ b/Containers/apache/start.sh @@ -66,6 +66,11 @@ caddy fmt --overwrite /tmp/Caddyfile # Add caddy path mkdir -p /mnt/data/caddy/ +# Fix caddy startup +if [ -d "/mnt/data/caddy/locks" ]; then + rm -rf /mnt/data/caddy/locks/* +fi + # Fix apache startup rm -f /usr/local/apache2/logs/httpd.pid diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 0882ebd7..616068f3 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -375,6 +375,11 @@ export TZ=Etc/UTC # Fix apache startup rm -f /var/run/apache2/httpd.pid +# Fix caddy startup +if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then + rm -rf /mnt/docker-aio-config/caddy/locks/* +fi + # Fix the Caddyfile format caddy fmt --overwrite /Caddyfile From 36a39a3528ce3fa0ce1249cd99b53dc674bc87b9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 1 Oct 2025 14:38:28 +0200 Subject: [PATCH 0590/1064] add minio community container Signed-off-by: Simon L. --- community-containers/minio/minio.json | 38 +++++++++++++++++++++++++++ community-containers/minio/readme.md | 12 +++++++++ 2 files changed, 50 insertions(+) create mode 100644 community-containers/minio/minio.json create mode 100644 community-containers/minio/readme.md diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json new file mode 100644 index 00000000..ae1925bd --- /dev/null +++ b/community-containers/minio/minio.json @@ -0,0 +1,38 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-minio", + "image_tag": "v1", + "display_name": "Minio S3 Storage", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio", + "image": "ghcr.io/szaimen/aio-minio", + "internal_port": "9000", + "environment": [ + "MINIO_ROOT_USER=nextcloud", + "MINIO_ROOT_PASSWORD=%MINIO_ROOT_PASSWORD%" + ], + "secrets": [ + "MINIO_ROOT_PASSWORD" + ], + "volumes": [ + { + "source": "nextcloud_aio_minio", + "destination": "/data", + "writeable": true + } + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'", + "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool", + "php /var/www/html/occ config:system:set objectstore arguments use_path_style --value true --type bool", + "php /var/www/html/occ config:system:set objectstore arguments use_ssl --value false --type bool", + "php /var/www/html/occ config:system:set objectstore arguments region --value ''", + "php /var/www/html/occ config:system:set objectstore arguments bucket --value nextcloud", + "php /var/www/html/occ config:system:set objectstore arguments key --value nextcloud", + "php /var/www/html/occ config:system:set objectstore arguments secret --value %MINIO_ROOT_PASSWORD%", + "php /var/www/html/occ config:system:set objectstore arguments port --value 9000", + "php /var/www/html/occ config:system:set objectstore arguments hostname --value nextcloud-aio-minio" + ] + } + ] +} diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md new file mode 100644 index 00000000..4f9391bd --- /dev/null +++ b/community-containers/minio/readme.md @@ -0,0 +1,12 @@ +## Minio +This container bundles minio s3 storage and auto-configures it for you. + +### Notes +- The data of Minio will be automatically included in AIOs backup solution! +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-minio + +### Maintainer +https://github.com/szaimen From 2d3780d3b3ea7c7e558c6772e4ea3b9be3b6a44f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 1 Oct 2025 14:43:20 +0200 Subject: [PATCH 0591/1064] increase to v11.10.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 4bcd18b7..8db6beb6 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.9.0

    +

    Nextcloud AIO v11.10.0

    {# Add 2nd tab warning #} From 4153c692fdfeba54ee486c68d29f883412044224 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 1 Oct 2025 15:09:14 +0200 Subject: [PATCH 0592/1064] add minio storage to backup volumes and readme update Signed-off-by: Simon L. --- community-containers/minio/minio.json | 3 +++ community-containers/minio/readme.md | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json index ae1925bd..2403f213 100644 --- a/community-containers/minio/minio.json +++ b/community-containers/minio/minio.json @@ -21,6 +21,9 @@ "writeable": true } ], + "backup_volumes": [ + "nextcloud_aio_minio" + ], "nextcloud_exec_commands": [ "php /var/www/html/occ config:system:set objectstore class --value 'OC\\Files\\ObjectStore\\S3'", "php /var/www/html/occ config:system:set objectstore arguments autocreate --value true --type bool", diff --git a/community-containers/minio/readme.md b/community-containers/minio/readme.md index 4f9391bd..be41d5bd 100644 --- a/community-containers/minio/readme.md +++ b/community-containers/minio/readme.md @@ -1,6 +1,12 @@ ## Minio This container bundles minio s3 storage and auto-configures it for you. +>[!WARNING] +> Enabling this container will remove access to all the files formerly written to the data directory. +> So only enable this on a clean instance directly after installing AIO. +> All additional users that are added via Nextcloud afterwards are going to work correctly. +> Also, after enabling and using it, make sure to not disable the container as you cannot migrate from s3 to local storage anymore and s3 is a critical part of your infrastructure from then on. + ### Notes - The data of Minio will be automatically included in AIOs backup solution! - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack From 85a068f6791b8c2108b58aebe86203e4e8001774 Mon Sep 17 00:00:00 2001 From: jameskimmel <17176225+jameskimmel@users.noreply.github.com> Date: Fri, 3 Oct 2025 07:03:40 +0200 Subject: [PATCH 0593/1064] nginx-proxy Make it more clear what nginx-proxy is Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com> --- reverse-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 56e42fe3..6efe9026 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -538,13 +538,13 @@ Also change `@` to a mail address of yours. -### Nginx-Proxy +### nginx-proxy (Github Repo)
    click here to expand -Unfortunately, it is not possible to configure Nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above. +Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above. If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!
    From 742e0906f0166409a639d262a95a1916650e4e42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:20:04 +0000 Subject: [PATCH 0594/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.5.3.1 to 25.04.6.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.6.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 536bec37..593c5323 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.5.3.1 +FROM collabora/code:25.04.6.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From db66d618fdc3c5e5241f44710b3317f8cbd4a78a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:20:06 +0000 Subject: [PATCH 0595/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.5-alpine to 3.2.6-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.6-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 24a1f298..72034cec 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.5-alpine +FROM haproxy:3.2.6-alpine # hadolint ignore=DL3002 USER root From 5a4ba1c3500649a0f7dd1d4635b8dadeef95480f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:20:26 +0000 Subject: [PATCH 0596/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.4.0-cli to 28.5.0-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.5.0-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 58248890..2532ec16 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.4.0-cli AS docker +FROM docker:28.5.0-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 7053a206e14d5a8a3974945a03c9ec1748872dc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:20:53 +0000 Subject: [PATCH 0597/1064] build(deps): bump redis in /Containers/redis Bumps redis from 7.2.10-alpine to 7.2.11-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 7.2.11-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 98f3d3f0..8cb0f973 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.10-alpine +FROM redis:7.2.11-alpine COPY --chmod=775 start.sh /start.sh From ec07ef6fe731abd03e2430c022469880e1d18ab2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:21:19 +0000 Subject: [PATCH 0598/1064] build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.8 to 1.12.1. - [Release notes](https://github.com/nicholas-fedor/watchtower/releases) - [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/CHANGELOG.md) - [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.8...v1.12.1) --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 82472ec7..ec2c0d0a 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:1.11.8 AS watchtower +FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower FROM alpine:3.22.1 From a33ef5d1aa7f75f3716e4d55c266b5dc74f36d3a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 6 Oct 2025 15:12:31 +0200 Subject: [PATCH 0599/1064] move the hint to a new line Signed-off-by: Simon L. --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 6fa95704..f48479e4 100644 --- a/readme.md +++ b/readme.md @@ -52,7 +52,8 @@ Included are: - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive) - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap) -- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible. +- Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md). +- Migration in the other direction (e.g. from AIO to a VM-based installation) is also possible. - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban) - [phpMyAdmin, Adminer or pgAdmin can be added](https://github.com/nextcloud/all-in-one#phpmyadmin-adminer-or-pgadmin) - [Mail server can be added](https://github.com/nextcloud/all-in-one#mail-server) From 7fbc548d2df54904e05c5b374fc37db8875b62df Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 6 Oct 2025 15:44:27 +0200 Subject: [PATCH 0600/1064] lldap: adjust hint how to retrieve the password Signed-off-by: Simon L. --- community-containers/lldap/readme.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md index ce4636bc..586aea9e 100644 --- a/community-containers/lldap/readme.md +++ b/community-containers/lldap/readme.md @@ -18,10 +18,7 @@ Functionality with this configuration: > For simplicity, this configuration is done via the command line (don't worry, it's very simple). -First, you need to retrieve the LLDAP admin password, this will be used later on. Which you need to type in or copy and paste: -```bash -sudo docker inspect nextcloud-aio-lldap | grep LLDAP_LDAP_USER_PASS -``` +First, you need to retrieve the LLDAP admin password that you can see next to the container in the AIO interface. There you can configure smtp first and then invite users via mail. Now go into the Nextcloud container:
    **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management. This script below can be run from inside the container-management container via `bash /lldap.sh`. From c1949573c9d5596f361563fcfa3f19f772357ffa Mon Sep 17 00:00:00 2001 From: Josh Date: Fri, 26 Sep 2025 15:27:56 -0400 Subject: [PATCH 0601/1064] refactor(nextcloud): Tidy up entrypoint.sh error/log output - Cleaned up error messages - Reformatted some code for readability No logic changes. Signed-off-by: Josh --- Containers/nextcloud/entrypoint.sh | 207 +++++++++++++++++++---------- 1 file changed, 135 insertions(+), 72 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 4c50648a..fd8e6136 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -25,31 +25,34 @@ if [ "$DATABASE_TYPE" = postgres ]; then export DATABASE_TYPE=pgsql fi -# Only start container if redis is accessible +# Only start container if Redis is accessible # shellcheck disable=SC2153 while ! nc -z "$REDIS_HOST" "6379"; do - echo "Waiting for redis to start..." + echo "Waiting for Redis to start..." sleep 5 done # Check permissions in ncdata -touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" -if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then - echo "The www-data user doesn't seem to have access rights in the datadir. -Most likely are the files located on a drive that does not follow linux permissions. -Please adjust the permissions like mentioned below. -The found permissions are: -$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR") -(userID:groupID permissions) -but they should be: -33:0 750 -(userID:groupID permissions) -Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories. -Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option. -For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir" +test_file="$NEXTCLOUD_DATA_DIR/this-is-a-test-file" +touch "$test_file" +if ! [ -f "$test_file" ]; then + echo "The www-data user does not appear to have access rights to the data directory." + echo "It is possible that the files are on a filesystem that does not support standard Linux permissions," + echo "or the permissions simply need to be adjusted. Please change the permissions as described below." + echo "Current permissions are:" + stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR" + echo "(userID:groupID permissions)" + echo "They should be:" + echo "33:0 750" + echo "(userID:groupID permissions)" + echo "Also, ensure that all parent directories on the host of your chosen data directory are publicly readable." + echo "For example: sudo chmod +r /mnt (adjust this command as needed)." + echo "If you want to use a FUSE mount as the data directory, add 'allow_other' as an additional mount option." + echo "For SMB/CIFS mounts as the data directory, see:" + echo " https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir" exit 1 fi -rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" +rm -f "$test_file" if [ -f /var/www/html/version.php ]; then # shellcheck disable=SC2016 @@ -71,26 +74,31 @@ fi # Don't start the container if Nextcloud is not compatible with the PHP version if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then - echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version." - echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container." - echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container." - echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md" + echo "Your installed Nextcloud version is not compatible with the PHP version provided by this image." + echo "This typically occurs when you restore an older Nextcloud backup that does not support the" + echo "PHP version included in this image." + echo "Please restore a more recent backup that includes a compatible Nextcloud version." + echo "If you do not have a more recent backup, refer to the manual upgrade documentation:" + echo " https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md" exit 1 fi # Do not start the container if the last update failed if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then echo "The last Nextcloud update failed." - echo "Please restore from backup and try again!" - echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again." + echo "Please restore from a backup and try again." + echo "If you do not have a backup, you can delete the update.failed file in the data directory" + echo "to allow the container to start again." exit 1 fi # Do not start the container if the install failed if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then echo "The initial Nextcloud installation failed." - echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above." - echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance" + echo "For more information about what went wrong, check the logs above." + echo "Please reset AIO properly and try again." + echo "See:" + echo " https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance" exit 1 fi @@ -143,7 +151,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then if [ "$installed_version" != "0.0.0.0" ]; then # Check connection to appstore start # Do not remove or change this line! while true; do - echo -e "Checking connection to appstore" + echo -e "Checking connection to the app store..." APPSTORE_URL="https://apps.nextcloud.com/api/v1" if grep -q appstoreurl /var/www/html/config/config.php; then set -x @@ -154,10 +162,10 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)" if [[ "$CURL_STATUS" = "200" ]] then - echo "Appstore is reachable" + echo "App store is reachable." break else - echo "Curl didn't produce a 200 status, is appstore reachable?" + echo "Curl did not return a 200 status. Is the app store reachable?" sleep 5 fi done @@ -167,21 +175,21 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then php /var/www/html/occ maintenance:mode --off - echo "Getting and backing up the status of apps for later, this might take a while..." + echo "Getting and backing up the status of apps for later; this might take a while..." NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')" if [ -z "$NC_APPS" ]; then - echo "No apps detected, aborting export of app status..." + echo "No apps detected. Aborting export of app status..." APPSTORAGE="no-export-done" else mapfile -t NC_APPS_ARRAY <<< "$NC_APPS" declare -Ag APPSTORAGE - echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..." + echo "Disabling apps before the update to make the update procedure safer. This can take a while..." for app in "${NC_APPS_ARRAY[@]}"; do if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then php /var/www/html/occ app:disable "$app" else APPSTORAGE[$app]="" - echo "Not disabling $app because the occ command to get the enabled state was failing." + echo "Not disabling $app because the occ command to get its enabled state failed." fi done fi @@ -195,8 +203,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then run_upgrade_if_needed_due_to_app_update fi - echo "Initializing nextcloud $image_version ..." - rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/ + echo "Initializing Nextcloud $image_version ..." + + # Copy over initial data from Nextcloud archive + rsync -rlD --delete \ + --exclude-from=/upgrade.exclude \ + "$SOURCE_LOCATION/" \ + /var/www/html/ # Copy custom_apps from Nextcloud archive if ! directory_empty "$SOURCE_LOCATION/custom_apps"; then @@ -204,22 +217,47 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then for app in "$SOURCE_LOCATION/custom_apps"/*; do app_id="$(basename "$app")" mkdir -p "/var/www/html/custom_apps/$app_id" - rsync -rlD --delete --include "/$app_id/" --exclude '/*' "$SOURCE_LOCATION/custom_apps/" /var/www/html/custom_apps/ + rsync -rlD --delete \ + --include "/$app_id/" \ + --exclude '/*' \ + "$SOURCE_LOCATION/custom_apps/" \ + /var/www/html/custom_apps/ done set +x fi - # Copy over initial data from Nextcloud archive + # Copy these from Nextcloud archive if they don't exist yet (i.e. new install) for dir in config data custom_apps themes; do if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then - rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ + rsync -rlD \ + --include "/$dir/" \ + --exclude '/*' \ + "$SOURCE_LOCATION/" \ + /var/www/html/ fi done - rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/ - rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/ + + rsync -rlD --delete \ + --include '/config/' \ + --exclude '/*' \ + --exclude '/config/CAN_INSTALL' \ + --exclude '/config/config.sample.php' \ + --exclude '/config/config.php' \ + "$SOURCE_LOCATION/" \ + /var/www/html/ + + rsync -rlD \ + --include '/version.php' \ + --exclude '/*' \ + "$SOURCE_LOCATION/" \ + /var/www/html/ + echo "Initializing finished" - #install + ################ + # Fresh Install + ################ + if [ "$installed_version" = "0.0.0.0" ]; then echo "New Nextcloud instance." @@ -233,13 +271,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR") fi - # We do our own permission check so the permission check is not needed - cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php + # Skip the default permission check (we do our own) + cat > /var/www/html/config/datadir.permission.config.php <<'EOF' false -); -DATADIR_PERMISSION_CONF + $CONFIG = array ( + 'check_data_directory_permissions' => false + ); +EOF # Write out postgres root cert if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then @@ -250,11 +288,20 @@ DATADIR_PERMISSION_CONF echo "Installing with $DATABASE_TYPE database" # Set a default value for POSTGRES_PORT if [ -z "$POSTGRES_PORT" ]; then - POSTGRES_PORT=5432 + POSTGRES_PORT=5432 fi - # shellcheck disable=SC2153 - INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT") + # Add database options to INSTALL_OPTIONS + # shellcheck disable=SC2153 + INSTALL_OPTIONS+=( + --database "$DATABASE_TYPE" + --database-name "$POSTGRES_DB" + --database-user "$POSTGRES_USER" + --database-pass "$POSTGRES_PASSWORD" + --database-host "$POSTGRES_HOST" + --database-port "$POSTGRES_PORT" + ) + echo "Starting Nextcloud installation..." if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then echo "Installation of Nextcloud failed!" @@ -276,7 +323,7 @@ DATADIR_PERMISSION_CONF if [ "$try" -ge "$max_retries" ]; then echo "Installation of Nextcloud failed!" - echo "Install errors: $(cat /var/www/html/data/nextcloud.log)" + echo "Installation errors: $(cat /var/www/html/data/nextcloud.log)" touch "$NEXTCLOUD_DATA_DIR/install.failed" exit 1 fi @@ -312,10 +359,12 @@ DATADIR_PERMISSION_CONF installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" INSTALLED_MAJOR="${installed_version%%.*}" IMAGE_MAJOR="${image_version%%.*}" + # If a valid upgrade path, trigger the Nextcloud built-in Updater if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then php /var/www/html/updater/updater.phar --no-interaction --no-backup if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then echo "Installation of Nextcloud failed!" + # TODO: Add a hint here about what to do / where to look / updater.log? touch "$NEXTCLOUD_DATA_DIR/install.failed" exit 1 fi @@ -392,11 +441,11 @@ DATADIR_PERMISSION_CONF #upgrade else touch "$NEXTCLOUD_DATA_DIR/update.failed" - echo "Upgrading nextcloud from $installed_version to $image_version..." + echo "Upgrading Nextcloud from $installed_version to $image_version..." php /var/www/html/occ config:system:delete integrity.check.disabled if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then echo "Upgrade failed. Please restore from backup." - bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!" + bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup." exit 1 fi @@ -404,7 +453,7 @@ DATADIR_PERMISSION_CONF installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')" rm "$NEXTCLOUD_DATA_DIR/update.failed" - bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info." + bash /notify.sh "Nextcloud update to $image_version successful!" "You may inspect the Nextcloud container logs for more information." php /var/www/html/occ app:update --all @@ -412,7 +461,7 @@ DATADIR_PERMISSION_CONF # Restore app status if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then - echo "Restoring the status of apps. This can take a while..." + echo "Restoring app statuses. This may take a while..." for app in "${!APPSTORAGE[@]}"; do if [ -n "${APPSTORAGE[$app]}" ]; then if [ "${APPSTORAGE[$app]}" != "no" ]; then @@ -424,13 +473,13 @@ DATADIR_PERMISSION_CONF php /var/www/html/occ maintenance:mode --off fi run_upgrade_if_needed_due_to_app_update - echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version." + echo "The $app app could not be re-enabled, probably because it is not compatible with the new Nextcloud version." if [ "$app" = apporder ]; then CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'." else - CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version." + CUSTOM_HINT="Most likely, it is not compatible with the new Nextcloud version." fi - bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI." + bash /notify.sh "Could not re-enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to review the Nextcloud update logs and force-enable the app again if you wish." continue fi # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version) @@ -452,7 +501,7 @@ DATADIR_PERMISSION_CONF php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]" # Apply optimization - echo "Doing some optimizations..." + echo "Performing some optimizations..." if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then php /var/www/html/occ maintenance:repair --include-expensive php /var/www/html/occ db:add-missing-indices @@ -483,10 +532,10 @@ if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then # Check if appdata is present # If not, something broke (e.g. changing ncdatadir after aio was first started) if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then - echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!" + echo "Appdata is not present. Did you change the datadir after the initial Nextcloud installation? This is not supported!" echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir" - echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!" - echo "In the datadir was found:" + echo "If you moved the datadir to an external drive, make sure that the drive is still mounted." + echo "The following was found in the datadir:" ls -la "$NEXTCLOUD_DATA_DIR/" exit 1 fi @@ -678,7 +727,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then fi fi else - echo "Warning: No ipv4-address found for $COLLABORA_HOST." + echo "Warning: No IPv4 address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then @@ -689,7 +738,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then fi fi else - echo "No ipv6-address found for $COLLABORA_HOST." + echo "No IPv6 address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_ALLOW_LIST" ]; then PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1' @@ -703,7 +752,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then fi php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST" else - echo "Warning: wopi_allowlist is empty which should not be the case!" + echo "Warning: wopi_allowlist is empty; this should not be the case!" fi else if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then @@ -713,15 +762,20 @@ fi # OnlyOffice if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then + # Determine OnlyOffice port based on host pattern if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then ONLYOFFICE_PORT=80 else ONLYOFFICE_PORT=443 fi + + # Wait for OnlyOffice to become available while ! nc -z "$ONLYOFFICE_HOST" "$ONLYOFFICE_PORT"; do - echo "waiting for OnlyOffice to become available..." + echo "Waiting for OnlyOffice to become available..." sleep 5 done + + # Install or enable OnlyOffice app as needed if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then php /var/www/html/occ app:install onlyoffice elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then @@ -729,16 +783,25 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then elif [ "$SKIP_UPDATE" != 1 ]; then php /var/www/html/occ app:update onlyoffice fi + + # Set OnlyOffice configuration php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt" + + # Adjust the OnlyOffice host if using internal pattern if echo "$ONLYOFFICE_HOST" | grep -q "nextcloud-.*-onlyoffice"; then ONLYOFFICE_HOST="$NC_DOMAIN/onlyoffice" export ONLYOFFICE_HOST fi + php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$ONLYOFFICE_HOST" else - if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then + # Remove OnlyOffice app if disabled and removal is requested + if [ "$REMOVE_DISABLED_APPS" = yes ] && \ + [ -d "/var/www/html/custom_apps/onlyoffice" ] && \ + [ -n "$ONLYOFFICE_SECRET" ] && \ + [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then php /var/www/html/occ app:remove onlyoffice fi fi @@ -784,7 +847,7 @@ fi if [ -d "/var/www/html/custom_apps/spreed" ]; then if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then while ! nc -z "$TALK_RECORDING_HOST" 1234; do - echo "waiting for Talk Recording to become available..." + echo "Waiting for Talk Recording to become available..." sleep 5 done # TODO: migrate to occ command if that becomes available @@ -799,12 +862,12 @@ fi if [ "$CLAMAV_ENABLED" = 'yes' ]; then count=0 while ! nc -z "$CLAMAV_HOST" 3310 && [ "$count" -lt 90 ]; do - echo "waiting for clamav to become available..." + echo "Waiting for ClamAV to become available..." count=$((count+5)) sleep 5 done if [ "$count" -ge 90 ]; then - echo "Clamav did not start in time. Skipping initialization and disabling files_antivirus app." + echo "ClamAV did not start in time. Skipping initialization and disabling files_antivirus app." php /var/www/html/occ app:disable files_antivirus else if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then @@ -851,7 +914,7 @@ fi if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then count=0 while ! nc -z "$FULLTEXTSEARCH_HOST" "$FULLTEXTSEARCH_PORT" && [ "$count" -lt 90 ]; do - echo "waiting for Fulltextsearch to become available..." + echo "Waiting for Fulltextsearch to become available..." count=$((count+5)) sleep 5 done @@ -888,14 +951,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then # Do the index if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then - echo "Waiting 10s before activating FTS..." + echo "Waiting 10 seconds before activating fulltextsearch..." sleep 10 echo "Activating fulltextsearch..." if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then touch "$NEXTCLOUD_DATA_DIR/fts-index.done" else echo "Fulltextsearch failed. Could not index." - echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future." + echo "If you want to skip indexing in the future, see https://github.com/nextcloud/all-in-one/discussions/1709" fi fi fi From 593379de56d30a7fdf6db83adb614f14a6940755 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 04:18:34 +0000 Subject: [PATCH 0602/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.4 to 8.19.5. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 289722ea..980fe275 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.4 +FROM elasticsearch:8.19.5 USER root From 6d6183b9e83e37a0a6baed9835e3ccd225ed5424 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 13:08:54 +0000 Subject: [PATCH 0603/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/858c58d647eeb05b1725a96ae3fc290230321af3...9d692f15fa9f84928799bccac2dba6565e024bdf) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 56854ed4..e6527250 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v5 - name: Turnstyle - uses: softprops/turnstyle@858c58d647eeb05b1725a96ae3fc290230321af3 # v2 + uses: softprops/turnstyle@9d692f15fa9f84928799bccac2dba6565e024bdf # v2 with: continue-after-seconds: 180 env: From c35e0809bdce3f3e947a8b072f57287bce2847ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 04:20:04 +0000 Subject: [PATCH 0604/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.25.1-alpine3.22 to 1.25.2-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.2-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index afeb69a4..1d673ecd 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.1-alpine3.22 AS go +FROM golang:1.25.2-alpine3.22 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From 7d923db4481dec87acc0146f19a952a26ca42972 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Oct 2025 04:20:52 +0000 Subject: [PATCH 0605/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22. --- updated-dependencies: - dependency-name: python dependency-version: 3.14.0-alpine3.22 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index 40b01470..b93e1338 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.13.7-alpine3.22 +FROM python:3.14.0-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 436c6ff5b7f103c01dc58eb5161b6aa55b4fcf9f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 11 Dec 2024 10:09:37 +0100 Subject: [PATCH 0606/1064] nextcloud: adjust max_input_time to -1 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 0ae91b63..c5fd6ed6 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -132,7 +132,7 @@ RUN set -ex; \ echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ echo 'max_execution_time=${PHP_MAX_TIME}'; \ - echo 'max_input_time=${PHP_MAX_TIME}'; \ + echo 'max_input_time=-1'; \ echo 'default_socket_timeout=${PHP_MAX_TIME}'; \ } > /usr/local/etc/php/conf.d/nextcloud.ini; \ \ From 90d346ea650c7a5838328cacd96b1609a75199ca Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 8 Oct 2025 16:05:15 -0400 Subject: [PATCH 0607/1064] docs: Add README.md for Nextcloud container Added README.md for Nextcloud container. Signed-off-by: Josh --- Containers/nextcloud/README.md | 35 ++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 Containers/nextcloud/README.md diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md new file mode 100644 index 00000000..b94a1b77 --- /dev/null +++ b/Containers/nextcloud/README.md @@ -0,0 +1,35 @@ +# Nextcloud All-in-One ``nextcloud`` Container + +This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application. + +## Overview + +The Nextcloud container provides the core Nextcloud application environment, including the necessary dependencies and configuration for seamless integration into the All-in-One stack. The container hosts: + +- The PHP SAPI/backend (php-fpm) +- Nextcloud background jobs and scheduled tasks, which are handled via cron +- Miscellaneous minor support services specific to AIO's Nextcloud deployment (health and exec) + +## Contents + +- **Dockerfile**: Instructions for building the Nextcloud container image. +- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime configuration before starting supervisord. +- **Nextcloud configuration files**: Specific to running in a containerized setting and/or within AIO. +- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within the container (php-fpm, cron, etc.). + +## Usage + +This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer). + +## Documentation + +- [Nextcloud All-in-One Documentation](https://github.com/nextcloud/all-in-one#readme) +- [Nextcloud Documentation](https://docs.nextcloud.com/) + +## Contributing + +Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull requests or issues via the main repository. + +## License + +This folder and its contents are licensed under the [GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud All-in-One. From 03413d944056b57362bb65a47d2d03d837d66893 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:08 +0000 Subject: [PATCH 0608/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/alpine Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 429485b3..25ac9671 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ apk upgrade --no-cache -a From a64237c9d649d6b7b83be4f3e09ba167d7a3036d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:13 +0000 Subject: [PATCH 0609/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/borgbackup Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/borgbackup/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 74d87f45..3d4ce1ce 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ \ From 8fb81686ba728893243b676f1b95dcdcda8a9917 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:17 +0000 Subject: [PATCH 0610/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/clamav Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 216ea1c9..db59f64a 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ apk upgrade --no-cache -a; \ From 494639990580bdcd4796df9fdbf28b70f0fb0006 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:22 +0000 Subject: [PATCH 0611/1064] build(deps): bump alpine in /Containers/domaincheck Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/domaincheck/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index 99ae1184..c4b340e2 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash lighttpd netcat-openbsd; \ From 5c59bee1eed80d9ef507e693784e22284616314b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:25 +0000 Subject: [PATCH 0612/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/imaginary Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 1d673ecd..55503dcb 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -14,7 +14,7 @@ RUN set -ex; \ build-base; \ go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ From 44659edf9c99fc01f921d851c2e1b99f38a36f2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:30 +0000 Subject: [PATCH 0613/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 28.5.0-cli to 28.5.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 28.5.1-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 2532ec16..c1cbaa59 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:28.5.0-cli AS docker +FROM docker:28.5.1-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 9d76e6486e4bffdabb384c9c903ade7d000950ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:22:55 +0000 Subject: [PATCH 0614/1064] build(deps): bump alpine in /Containers/notify-push Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/notify-push/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 8138582d..812ec840 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.1 +FROM alpine:3.22.2 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 8e8580122de67686a6fb74b67dd70c7776479f2b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:23:03 +0000 Subject: [PATCH 0615/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/talk Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 7067c72e..84109d3b 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -2,7 +2,7 @@ FROM nats:2.12.0-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling -FROM alpine:3.22.1 AS janus +FROM alpine:3.22.2 AS janus ARG JANUS_VERSION=v1.3.2 WORKDIR /src @@ -35,7 +35,7 @@ RUN set -ex; \ make configs; \ rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample -FROM alpine:3.22.1 +FROM alpine:3.22.2 ENV ETURNAL_ETC_DIR="/conf" ENV SKIP_CERT_VERIFY=false COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local From 1f2e97a24634d857543cb84aea2fae240bee5f00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 04:23:13 +0000 Subject: [PATCH 0616/1064] build(deps): bump alpine from 3.22.1 to 3.22.2 in /Containers/watchtower Bumps alpine from 3.22.1 to 3.22.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.22.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index ec2c0d0a..c2b38b18 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower -FROM alpine:3.22.1 +FROM alpine:3.22.2 RUN set -ex; \ apk upgrade --no-cache -a; \ From 26bb93df914e70f83f8faa8b19f0bdf51293a980 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 10 Oct 2025 08:42:36 +0200 Subject: [PATCH 0617/1064] fix typo Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 3d82e634..11df8a73 100644 --- a/readme.md +++ b/readme.md @@ -360,7 +360,7 @@ You can adjust the MTU size of the docker network by creating it beforehand with ``` docker network create --driver bridge --opt com.docker.network.driver.mtu=1440 nextcloud-aio ``` -When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `aio-nextcloud` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `aio-nextcloud` network and recreate it with the new configuration. +When you open the AIO interface for the first time after you execute the `docker run` command, it will automatically connect to the `nextcloud-aio` network with the custom MTU. Keep in mind that if you previously started the mastercontainer without creating the network with the extra options, you will need to remove the old `nextcloud-aio` network and recreate it with the new configuration. If you want to use docker compose, you can check out the comments in the `compose.yaml` file for more details. From 84288c4ac728795b4b949f64dc88fd17d3199c34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 04:19:54 +0000 Subject: [PATCH 0618/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.2.1 to v1.3.0. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.3.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 680a59d0..e60bb815 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.2.1 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0 USER root RUN set -ex; \ From e940d47079f0a25ee4045671e0f40cda3f60f392 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 14 Oct 2025 13:25:57 +0200 Subject: [PATCH 0619/1064] talk-recording: allow to use it on arm64 Signed-off-by: Simon L. --- Containers/talk-recording/start.sh | 2 ++ php/src/Data/ConfigurationManager.php | 5 ----- php/templates/includes/optional-containers.twig | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/Containers/talk-recording/start.sh b/Containers/talk-recording/start.sh index a03eed04..b49e5e9c 100644 --- a/Containers/talk-recording/start.sh +++ b/Containers/talk-recording/start.sh @@ -59,6 +59,8 @@ extensionvideo = .webm [recording] browser = firefox +driverPath = /usr/bin/geckodriver +browserPath = /usr/bin/firefox RECORDING_CONF exec "$@" diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index ceae13d0..1a2b4461 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -286,11 +286,6 @@ class ConfigurationManager $value = 0; } - // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17 - if (!$this->isx64Platform()) { - $value = 0; - } - $config = $this->GetConfig(); $config['isTalkRecordingEnabled'] = $value; $this->WriteConfig($config); diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 572af5f1..6bea68db 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -96,7 +96,7 @@ data-initial-state="false" {% endif %} > -     only works on x86_64) +

    Date: Tue, 14 Oct 2025 12:16:14 +0000 Subject: [PATCH 0620/1064] build(deps): bump actions/setup-node from 5 to 6 in /.github/workflows Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/playwright.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index d2bcad71..9de89243 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-node@v5 + - uses: actions/setup-node@v6 with: node-version: lts/* From 28f7d3571ca69fb408fe1f8f173b1d3ac0c8f9a6 Mon Sep 17 00:00:00 2001 From: "Ruben D." Date: Tue, 14 Oct 2025 20:59:42 +0200 Subject: [PATCH 0621/1064] Add clamav milter packaged, configure it and use supervisord to start it up. TODO: start milter only if community container stalwart is used. Signed-off-by: Ruben D. --- Containers/clamav/Dockerfile | 8 ++++++-- Containers/clamav/start.sh | 1 + Containers/clamav/supervisord.conf | 7 +++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 216ea1c9..9330c57f 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -3,7 +3,7 @@ FROM alpine:3.22.1 RUN set -ex; \ apk upgrade --no-cache -a; \ - apk add --no-cache tzdata clamav supervisor bash; \ + apk add --no-cache tzdata clamav clamav-milter supervisor bash; \ mkdir -p /var/lib/clamav /run/clamav /var/log/supervisord /var/run/supervisord; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ chown -R 100:100 /var/lib/clamav; \ @@ -12,7 +12,11 @@ RUN set -ex; \ sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ - sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf + sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \ + sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \ + sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \ + sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \ + sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh index bda4add5..2c56db49 100644 --- a/Containers/clamav/start.sh +++ b/Containers/clamav/start.sh @@ -1,6 +1,7 @@ #!/bin/bash sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf +cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf # Print out clamav version for compliance reasons clamscan --version diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index 8f53856a..283833b8 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -21,3 +21,10 @@ stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 command=clamd --foreground --config-file=/tmp/clamd.conf + +[program:milter] +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf \ No newline at end of file From 2d86c0d788461fd0adf52af8c6e15e1bfc9c19f8 Mon Sep 17 00:00:00 2001 From: "Ruben D." Date: Tue, 14 Oct 2025 21:10:48 +0200 Subject: [PATCH 0622/1064] Remove copying and omit checks for stalwart Signed-off-by: Ruben D. --- Containers/clamav/start.sh | 1 - Containers/clamav/supervisord.conf | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Containers/clamav/start.sh b/Containers/clamav/start.sh index 2c56db49..bda4add5 100644 --- a/Containers/clamav/start.sh +++ b/Containers/clamav/start.sh @@ -1,7 +1,6 @@ #!/bin/bash sed "s|aio-placeholder|$MAX_SIZE|" /etc/clamav/clamd.conf > /tmp/clamd.conf -cp /etc/clamav/clamav-milter.conf /tmp/clamv-milter-conf # Print out clamav version for compliance reasons clamscan --version diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index 283833b8..7aad65ed 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 -command=clamav-milter --foreground --config-file=/tmp/clamv-milter-conf \ No newline at end of file +command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf \ No newline at end of file From 3fdd77e75d0a536e11cdb6b0c79c80cf50aadd05 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 15 Oct 2025 08:40:45 +0000 Subject: [PATCH 0623/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 19 insertions(+), 19 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 03627c26..6eb13d92 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.9.0 +version: 11.10.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 992e66de..4196cb99 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 2e9ccb95..9f8dda8d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 07f09220..5db29234 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index abfa8b01..8466fe03 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 9dcc9d63..5b9ef69f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 5e54704c..84ea42e6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 1644464c..c6559fbd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 799e4390..dac83c98 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 820e6842..98f75058 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 015da80f..61938748 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index bb6f2a1c..aa078677 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index d59c60c0..27a50beb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 804c5d2d..08d3fcca 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20250927_081431 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711 readinessProbe: exec: command: From b55b4aac1cde4a254c9a89fdb624c2144a461a29 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 15 Oct 2025 12:03:37 +0000 Subject: [PATCH 0624/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index bb81d695..4809bae8 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.5", + "version": "v2.0.6", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed" + "reference": "038ce42edee619599a1debb7e81d7b3759492819" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3832547db6e0e2f8bb03d4093857b378c66eceed", - "reference": "3832547db6e0e2f8bb03d4093857b378c66eceed", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819", + "reference": "038ce42edee619599a1debb7e81d7b3759492819", "shasum": "" }, "require": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-09-22T17:29:40+00:00" + "time": "2025-10-09T13:42:30+00:00" }, { "name": "nikic/fast-route", From 12c9b6807142dd0b5e2ab763ce13d57efb31df39 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 15 Oct 2025 12:05:06 +0000 Subject: [PATCH 0625/1064] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk-recording/Dockerfile | 2 +- Containers/talk-recording/recording.conf | 48 +++++++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index b93e1338..83b7859b 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -4,7 +4,7 @@ FROM python:3.14.0-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh -ENV RECORDING_VERSION=v0.1 +ENV RECORDING_VERSION=v0.2.0 ENV ALLOW_ALL=false ENV HPB_PROTOCOL=https ENV NC_PROTOCOL=https diff --git a/Containers/talk-recording/recording.conf b/Containers/talk-recording/recording.conf index 99515528..cc8bd495 100644 --- a/Containers/talk-recording/recording.conf +++ b/Containers/talk-recording/recording.conf @@ -1,3 +1,5 @@ +# SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: AGPL-3.0-or-later [logs] # Log level based on numeric values of Python logging levels: # - Critical: 50 @@ -12,6 +14,11 @@ # IP and port to listen on for HTTP requests. #listen = 127.0.0.1:8000 +[app] +# Comma separated list of trusted proxies (IPs or CIDR networks) that may set +# the "X-Forwarded-For" header. +#trustedproxies = + [backend] # Allow any hostname as backend endpoint. This is extremely insecure and should # only be used during development. @@ -100,6 +107,18 @@ # ffmpeg. The options given here fully override the default global options. #common = ffmpeg -loglevel level+warning -n +# The (additional) options given to ffmpeg for the audio input. The options +# given here extend the default options for the audio input, although they do +# not override them. +# Default options: '-f pulse -i {AUDIO_SOURCE}' +#inputaudio = + +# The (additional) options given to ffmpeg for the video input. The options +# given here extend the default options for the video input, although they do +# not override them. +# Default options: '-f x11grab -draw_mouse 0 -video_size {WIDTH}x{HEIGHT} -i {VIDEO_SOURCE}' +#inputvideo = + # The options given to ffmpeg to encode the audio output. The options given here # fully override the default options for the audio output. #outputaudio = -c:a libopus @@ -120,4 +139,31 @@ # will use Google Chrome, or Chromium if Google Chrome is not installed. # Allowed values: firefox, chrome # Defaults to firefox -# browser = firefox +#browser = firefox + +# Path to the Selenium driver to use for recordings. +# If set the driver must match the browser being used (for example, +# "/usr/bin/geckodriver" for "firefox"). If no driver is explicitly set Selenium +# Manager will try to find the right one in $PATH, downloading it as a fallback. +# Note that Selenium Manager does not work in some architectures (for example, +# Linux on arm64/aarch64), so in those architectures the driver must be +# explicitly set. +#driverPath = + +# Path to the browser executable to use for recordings. +# If set the executable must match the browser being used (for example, +# "/usr/bin/firefox-esr" for "firefox"). If no executable is explicitly set +# Selenium Manager will try to find the right one in $PATH. Depending on the +# installed Selenium version if the executable is not found Selenium Manager may +# also download the browser as a fallback. +# Note that Selenium Manager does not work in some architectures (for example, +# Linux on arm64/aarch64); in those architectures the Selenium driver will try +# to find the executable, but the executable may need to be explicitly set if +# not found by the driver. +#browserPath = + +[stats] +# Comma-separated list of IP addresses (or CIDR networks) that are allowed to +# access the stats endpoint. +# Leave commented to only allow access from "127.0.0.1". +#allowed_ips = From c8b8740980690283c823d8a6c3d52154a39e76f0 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 15 Oct 2025 12:14:36 +0000 Subject: [PATCH 0626/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 0ae91b63..9c940846 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -84,7 +84,7 @@ RUN set -ex; \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install -o igbinary-3.2.16; \ pecl install APCu-5.1.27; \ - pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \ + pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \ pecl install -o imagick-3.8.0; \ \ From 97af7b63e29c152e6823cf4b7e20a2d7b17e4a5f Mon Sep 17 00:00:00 2001 From: jameskimmel <17176225+jameskimmel@users.noreply.github.com> Date: Tue, 7 Oct 2025 16:11:44 +0200 Subject: [PATCH 0627/1064] rp-docs: add link for nginx-proxy Signed-off-by: jameskimmel <17176225+jameskimmel@users.noreply.github.com> Co-Authored-By: Simon L. --- reverse-proxy.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 6efe9026..4d6cc2fa 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -538,13 +538,15 @@ Also change `@` to a mail address of yours.

    -### nginx-proxy (Github Repo) +### Nginx-Proxy
    click here to expand -Unfortunately, it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above. +This section refers to the dedicated project named `nginx-proxy`. See its [GitHub repo](https://github.com/nginx-proxy/nginx-proxy). If you should be looking for Nginx, see the `Nginx, Freenginx, Openresty, Angie` section in this docu. + +Unfortunately, it is not possible to configure `nginx-proxy` in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above. If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!
    From 6bdd7bafdf927ecddf085b352ee0bcb682ffc208 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 04:22:10 +0000 Subject: [PATCH 0628/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.25.2-alpine3.22 to 1.25.3-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.3-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 55503dcb..47eccfad 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.2-alpine3.22 AS go +FROM golang:1.25.3-alpine3.22 AS go ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3 From a4320317d5eb26bdcd2e328876c49589cf1363e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Oct 2025 04:22:53 +0000 Subject: [PATCH 0629/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.12.0-scratch to 2.12.1-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.1-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 84109d3b..37ece0f4 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.12.0-scratch AS nats +FROM nats:2.12.1-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.2 AS janus From 26e2b631102af22fa18caa1ac27c23117ffb2f96 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 16 Oct 2025 09:00:50 +0200 Subject: [PATCH 0630/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index 42c72e5f..be1d580f 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:9.0.4.1 +FROM onlyoffice/documentserver:9.1.0.1 # USER root is probably used From 8ed64db45c5395739ab91339960f332025725628 Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 16 Oct 2025 10:58:21 -0400 Subject: [PATCH 0631/1064] fix: add manual install and Helm chart usage context Signed-off-by: Josh --- Containers/nextcloud/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/README.md b/Containers/nextcloud/README.md index b94a1b77..574afd03 100644 --- a/Containers/nextcloud/README.md +++ b/Containers/nextcloud/README.md @@ -19,7 +19,7 @@ The Nextcloud container provides the core Nextcloud application environment, inc ## Usage -This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which is provided by AIO in a dedicated Apache container). It is designed to be orchestrated by [the All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer). +This container is intended to be used as part of the All-in-One deployment and is not meant to be used on its own. Among other requirements, it needs a web server container (which AIO provides in a dedicated Apache container). It is designed to be orchestrated by the [All-in-One mastercontainer](https://github.com/nextcloud/all-in-one/tree/main/Containers/mastercontainer) or used within an [AIO Manual Installation](https://github.com/nextcloud/all-in-one/tree/main/manual-install) or [AIO Helm chart](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart). ## Documentation From 3a4dfaa4b69ca5d56dccf15c17c25db7d6a5c002 Mon Sep 17 00:00:00 2001 From: "Ruben D." Date: Thu, 16 Oct 2025 19:31:16 +0200 Subject: [PATCH 0632/1064] Change --foreground option from supervisord to milter configuration file Signed-off-by: Ruben D. --- Containers/clamav/Dockerfile | 3 ++- Containers/clamav/supervisord.conf | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 9330c57f..35c81710 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -16,7 +16,8 @@ RUN set -ex; \ sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \ - sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf + sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \ + sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh diff --git a/Containers/clamav/supervisord.conf b/Containers/clamav/supervisord.conf index 7aad65ed..e1216df5 100644 --- a/Containers/clamav/supervisord.conf +++ b/Containers/clamav/supervisord.conf @@ -27,4 +27,4 @@ stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 -command=clamav-milter --foreground --config-file=/etc/clamav/clamav-milter.conf \ No newline at end of file +command=clamav-milter --config-file=/etc/clamav/clamav-milter.conf \ No newline at end of file From f996afdb4aed741e6e489252ab68cab8a6ba59fd Mon Sep 17 00:00:00 2001 From: Zoey Date: Thu, 16 Oct 2025 21:09:58 +0200 Subject: [PATCH 0633/1064] mastercontainer: bind 8000 only to 127.0.0.1 In my test it worked Signed-off-by: Zoey --- Containers/mastercontainer/mastercontainer.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf index 6a7d37dd..4effec19 100644 --- a/Containers/mastercontainer/mastercontainer.conf +++ b/Containers/mastercontainer/mastercontainer.conf @@ -1,5 +1,5 @@ -Listen 8000 -Listen 8080 +Listen 127.0.0.1:8000 +Listen 8080 https # Deny access to .ht files From 15ad146d9c70558700dc24129c8ff6efdb3f0b14 Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 16 Oct 2025 22:42:27 -0400 Subject: [PATCH 0634/1064] docs: Revise "how to use this" section of README Reorganized and updated instructions for clarity and approachability. Signed-off-by: Josh --- readme.md | 129 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 81 insertions(+), 48 deletions(-) diff --git a/readme.md b/readme.md index 11df8a73..0c412866 100644 --- a/readme.md +++ b/readme.md @@ -86,66 +86,99 @@ Included are: | ![image](https://github.com/user-attachments/assets/6ef5d7b5-86f2-402c-bc6c-b633af2ca7dd) | ![image](https://github.com/user-attachments/assets/939d0fdf-436f-433d-82d3-27548263a040) | ## How to use this? ->[!WARNING] -> You should first make sure that you are not using docker installed via snap. You can check this by running `sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"`. If the output should contain the mentioned string `/var/snap/docker/`, you should first uninstall docker snap via `sudo snap remove docker` and then follow the instructions below. ⚠️ Attention: only run the command if this is a clean new docker installation and you are not running any service already using this. -> [!NOTE] -> The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm). +The steps below are written for Linux. For platform-specific guidance see: +- macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos) +- Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows) +- Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm) -1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#supported-platforms. ->[!WARNING] -> You could use the convenience script below to install docker. However we recommend to not blindly download and execute scripts as sudo. But if you feel like it, you can of course use it. See below: +> [!IMPORTANT] +> These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) -
    - Using the convenience script +You're encouraged to skim the attached [FAQ](#faq). While we've tried to make things straightforward, Nextcloud is a large and flexible platform. Reading the FAQ will save you time, particularly if edge cases come up. + +> [!TIP] +> Don't worry about getting everything perfect on the first try — test deployments are cheap and disposable. + +1. Install Docker on your Linux host by following the official documentation: [Docker install — supported platforms](https://docs.docker.com/engine/install/#supported-platforms) + +> [!WARNING] +> Snap-based Docker installations are not supported. Make sure you are not using a snap-based Docker installation (generally only applicable to Ubuntu). To check, run: +> ```sh +> sudo docker info | grep "Docker Root Dir" | grep "/var/snap/docker/" +> ``` +> If you see the following output: +> ``` +> /var/snap/docker/ +> ``` +> you should migrate to a standard Docker installation and remove the snap-based package before proceeding: [Install Docker on Ubuntu](https://docs.docker.com/engine/install/ubuntu/). +> +> ⚠️ To avoid losing data or interrupting services, only remove the Docker snap after you are certain you're not running any existing containers in it. +> +> Consult the official Docker documentation or other guides for instructions on migrating existing containers. Once you are certain it's safe, remove the snap-based Docker installation with: +> ```sh +> sudo snap remove docker +> ``` + +2. If you need IPv6 support, enable it by following: [Docker IPv6 support for AIO](https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md) + +3. AIO uses a special `mastercontainer` to orchestrate the various pieces of the Nextcloud stack. To start AIO, launch the `mastercontainer` with the command below: ```sh -curl -fsSL https://get.docker.com | sudo sh +# For Linux and without a web server or reverse proxy already in place: +sudo docker run \ + --init \ + --sig-proxy=false \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 80:80 \ + --publish 8080:8080 \ + --publish 8443:8443 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + ghcr.io/nextcloud-releases/all-in-one:latest ``` +
    + Explanation of the command + + - `sudo docker run` — starts a new Docker container. Omit `sudo` if your user is in the `docker` group. + - `--init` — runs an init process inside the container to handle zombie processes. + - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container. + - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it. + - `--restart always` — ensures the container restarts automatically with the Docker daemon. + - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy. + - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`). + - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy. + - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it. + - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install) + - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image. + + Additional options can be set with environment variables (for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` to change Nextcloud's datadir on first startup). See the Customization section and example compose file: [compose.yaml](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for more options.
    -2. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md. -3. Run the command below in order to start the container on Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place: - ``` - # For Linux and without a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) already in place: - sudo docker run \ - --init \ - --sig-proxy=false \ - --name nextcloud-aio-mastercontainer \ - --restart always \ - --publish 80:80 \ - --publish 8080:8080 \ - --publish 8443:8443 \ - --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ - --volume /var/run/docker.sock:/var/run/docker.sock:ro \ - ghcr.io/nextcloud-releases/all-in-one:latest - ``` -
    - Explanation of the command +> [!TIP] +> If you want Nextcloud’s data directory in a different location than the default Docker volume, see "How to change the default location of Nextcloud's Datadir" in this README: [How to change the default location of Nextcloud's Datadir](#how-to-change-the-default-location-of-nextclouds-datadir) - - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below). - - `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init). - - `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container. - - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail. - - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/ - - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then. - - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080). - - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then. - - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. - - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. - - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. - - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml -
    +> [!NOTE] +> For production usage (and ease of upgrades and changes), we suggest using the example [Compose file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) rather than `docker run`. - Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. +4. After the initial startup, open the Nextcloud AIO interface on port 8080 of this server **by IP address**, for example: +```txt +https://192.168.5.5:8080 +``` -4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.
    -E.g. `https://ip.address.of.this.server:8080`
    -⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)

    -If your firewall/router has port 80 and 8443 open/forwarded and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
    -`https://your-domain-that-points-to-this-server.tld:8443` -5. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! +> [!CAUTION] +> Use an IP address (not a domain) when accessing the AIO interface on port 8080. Accessing via a domain may work temporarily but is likely to break later due to HSTS. + +Port 8080 uses a self-signed certificate that you must accept in your browser. + +It is also possible to obtain a valid certificate automatically if your firewall/router forwards ports 80 and 8443 and you point a domain to your server. In that case, access the AIO interface using the dedicated port for this purpose (8443), for example: +```txt +https://your-domain-that-points-to-this-server.tld:8443 +``` + +5. If you enable Nextcloud Talk, open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk (TURN) container. # FAQ - [TOC](#faq) From 6624330ce505b025b990d74dcdec133bcf32ff44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Oct 2025 04:21:14 +0000 Subject: [PATCH 0635/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.6.1.1 to 25.04.6.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.6.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 593c5323..347ae83f 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.6.1.1 +FROM collabora/code:25.04.6.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 2794fb3a7e3c24e781ed57e82db73b0e21b629dc Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 17 Oct 2025 07:40:54 +0200 Subject: [PATCH 0636/1064] apply suggestion Signed-off-by: Zoey --- Containers/mastercontainer/mastercontainer.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/mastercontainer.conf b/Containers/mastercontainer/mastercontainer.conf index 4effec19..7d294694 100644 --- a/Containers/mastercontainer/mastercontainer.conf +++ b/Containers/mastercontainer/mastercontainer.conf @@ -7,8 +7,8 @@ Listen 8080 https # Http host - - ServerName localhost + + ServerName 127.0.0.1 # Add error log CustomLog /proc/self/fd/1 proxy From 8d67d300d380da915cf0a64de5ee4bcce23f4611 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 17 Oct 2025 12:21:33 +0200 Subject: [PATCH 0637/1064] nextcloud-entrypoint: set max av size back to unlimited by default Signed-off-by: Simon L. --- Containers/clamav/Dockerfile | 3 ++- Containers/nextcloud/entrypoint.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index db59f64a..6e23851f 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -8,8 +8,9 @@ RUN set -ex; \ chmod 777 -R /run/clamav /var/log/clamav /var/log/supervisord /var/run/supervisord; \ chown -R 100:100 /var/lib/clamav; \ sed -i "s|#\?MaxDirectoryRecursion.*|MaxDirectoryRecursion 30|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?MaxScanSize.*|MaxScanSize 2G|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?MaxFileSize.*|MaxFileSize 2G|g" /etc/clamav/clamd.conf; \ - sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \ + sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 0|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \ sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \ sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index fd8e6136..89d99d29 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -881,7 +881,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then php /var/www/html/occ config:app:set files_antivirus av_port --value="3310" php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST" php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE" - php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE" + php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1" php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log" if [ -n "$CLAMAV_BLOCKLISTED_DIRECTORIES" ]; then php /var/www/html/occ config:app:set files_antivirus av_blocklisted_directories --value="$CLAMAV_BLOCKLISTED_DIRECTORIES" From 91ade7ed94fe576f17d6dc29f6aa86a766abb3da Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 17 Oct 2025 20:26:22 +0200 Subject: [PATCH 0638/1064] remove libreoffice see https://github.com/nextcloud/all-in-one/discussions/6997#discussioncomment-14712015 Signed-off-by: Zoey --- Containers/nextcloud/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 4eae8029..ae54df35 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -230,7 +230,6 @@ RUN set -ex; \ sudo \ grep \ nodejs \ - libreoffice \ bind-tools \ imagemagick \ imagemagick-svg \ From a176ecdd9f10c403038ccbcc9e2b8b58718572c1 Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 17 Oct 2025 20:30:05 +0200 Subject: [PATCH 0639/1064] remove librewolf from readme Signed-off-by: Zoey --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 11df8a73..3150c6a2 100644 --- a/readme.md +++ b/readme.md @@ -46,7 +46,7 @@ Included are: - By default confined (good for security) but can [allow access to additional storages](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) in order to enable the usage of the local external storage feature - Possibility included to [adjust default installed Nextcloud apps](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) - Nextcloud installation is not read only - that means you can apply patches if you should need them (instead of having to wait for the next release for them getting applied) -- `ffmpeg`, `smbclient`, `libreoffice` and `nodejs` are included by default +- `ffmpeg`, `smbclient` and `nodejs` are included by default - Possibility included to [permanently add additional OS packages into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup) without having to build your own Docker image - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container From c2a040010cb416b0e7d49ddf7bf53c3e988fa86f Mon Sep 17 00:00:00 2001 From: Benjamin Brahmer Date: Fri, 17 Oct 2025 19:41:28 +0200 Subject: [PATCH 0640/1064] update nextcloud-exporter image tag to 0.9.0 Signed-off-by: Benjamin Brahmer --- community-containers/nextcloud-exporter/nextcloud-exporter.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json index f9159a36..e5bf74b8 100644 --- a/community-containers/nextcloud-exporter/nextcloud-exporter.json +++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json @@ -5,7 +5,7 @@ "display_name": "Prometheus Nextcloud Exporter", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter", "image": "ghcr.io/xperimental/nextcloud-exporter", - "image_tag": "0.8.0", + "image_tag": "0.9.0", "internal_port": "9205", "restart": "unless-stopped", "ports": [ From fdb34bd01acb1700f36d854344cf0f9c9d678baa Mon Sep 17 00:00:00 2001 From: Josh Date: Mon, 20 Oct 2025 08:10:25 -0400 Subject: [PATCH 0641/1064] Merge pull request #6949 from nextcloud/jtr/docs-containers-mastercontainer-readme docs: Add README for `mastercontainer` --- Containers/mastercontainer/README.md | 69 ++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 Containers/mastercontainer/README.md diff --git a/Containers/mastercontainer/README.md b/Containers/mastercontainer/README.md new file mode 100644 index 00000000..de6b535d --- /dev/null +++ b/Containers/mastercontainer/README.md @@ -0,0 +1,69 @@ +# Nextcloud All-in-One `mastercontainer` + +This folder contains the OCI/Docker container definition, along with associated resources and +configuration files, for building the `mastercontainer` as part of the Nextcloud All-in-One +project. This container hosts [the Nextcloud AIO interface]( +https://github.com/nextcloud/all-in-one/tree/main/php)[^app], and a dedicated PHP environment +for it (which is completely independent of the Nextcloud Server). + +## Overview + +The mastercontainer acts as the central orchestration service for the deployment and management +of all other containers in the Nextcloud All-in-One stack. It hosts: + +- A dedicated PHP SAPI/backend (php-fpm) for AIO itself (not Nextcloud Server) +- An Apache service for accessing the AIO interface via a self-signed HTTPS VirtualHost on 8080/tcp +- A Caddy reverse proxy service enabling HTTPS access to the AIO frontend on port 8443/tcp. + - Caddy will automatically issue a Let's Encrypt issued certificate if port 80 and 8443 + is open/forwarded and a domain pointer is in place; then, simply open the Nextcloud AIO interface using the + domain (`https://your-domain-that-points-to-this-server.tld:8443`). The Let's Encrypt certificate request will + use an [ACME HTTP-01](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) challenge. +- Miscellaneous support services specific to AIO (backup management, health checks, etc.) + +## Key Responsibilities + +- Orchestrates the deployment and lifecycle of all Nextcloud service containers +- Handles initial setup and container configuration +- Coordinates image updates +- Monitors general system health + +It triggers the initial installation and ensures the smooth operation of the Nextcloud +All-in-One stack. + +## Contents + +- **Dockerfile**: Instructions for building the mastercontainer image. +- **Entrypoint script**: The `start.sh` script is used for container initialization and runtime + configuration before starting supervisord. +- [**Nextcloud All-in-One Controller App**](https://github.com/nextcloud/all-in-one/tree/main/php): The + core AIO orchestrator that handles configuration and settings for the containers. +- **Supervisor**: The `supervisord.conf` file defines the long-running services hosted within + the container (php-fpm, cron, etc.) + +## Usage + +This container should be used as the trigger image when deploying the Nextcloud All-in-One +stack in a Docker or other OCI-compliant container environment. For detailed deployment +instructions, refer to the [project documentation]( +https://github.com/nextcloud/all-in-one). + +## Related Resources + +- [Main Repository](https://github.com/nextcloud/all-in-one) +- [Documentation](https://github.com/nextcloud/all-in-one#readme) + +## Contributing + +Contributions are welcome! Please follow the Nextcloud project's guidelines and submit pull +requests or issues via the main repository. + +## License + +This folder and its contents are licensed under the +[GNU AGPLv3](https://www.gnu.org/licenses/agpl-3.0.html), in line with the rest of Nextcloud +All-in-One. + +[^app]: The Nextcloud All-in-One interface allows users to install, configure, and +manage their Nextcloud instance and related containers via a secure web interface and API. +It automates and simplifies complex tasks such as container orchestration, backups, updates, +and service management for users deploying Nextcloud in Docker environments. From 79824ac83b29812d96ee33668a63a46091fc4fb0 Mon Sep 17 00:00:00 2001 From: Josh Date: Mon, 20 Oct 2025 08:58:33 -0400 Subject: [PATCH 0642/1064] docs: add link to TrueNAS SCALE guidance --- readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/readme.md b/readme.md index 0c412866..9dfc2e77 100644 --- a/readme.md +++ b/readme.md @@ -91,6 +91,7 @@ The steps below are written for Linux. For platform-specific guidance see: - macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos) - Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows) - Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm) +- TrueNAS SCALE: [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale) > [!IMPORTANT] > These instructions assume there is no existing web server or reverse proxy (for example Apache, Nginx, Caddy, or Cloudflare Tunnel) that you intend to place in front of AIO. If you plan to run AIO behind an existing web server or reverse proxy, follow the AIO reverse proxy documentation: [Reverse proxy docs](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) From 4690c8a4df6020114a36b17497d077c141f596ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 19:04:20 +0000 Subject: [PATCH 0643/1064] build(deps): bump playwright and @playwright/test in /php/tests Bumps [playwright](https://github.com/microsoft/playwright) to 1.56.1 and updates ancestor dependency [@playwright/test](https://github.com/microsoft/playwright). These dependencies need to be updated together. Updates `playwright` from 1.51.1 to 1.56.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1) Updates `@playwright/test` from 1.51.1 to 1.56.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](https://github.com/microsoft/playwright/compare/v1.51.1...v1.56.1) --- updated-dependencies: - dependency-name: playwright dependency-version: 1.56.1 dependency-type: indirect - dependency-name: "@playwright/test" dependency-version: 1.56.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- php/tests/package-lock.json | 44 +++++++++++-------------------------- php/tests/package.json | 2 +- 2 files changed, 14 insertions(+), 32 deletions(-) diff --git a/php/tests/package-lock.json b/php/tests/package-lock.json index ea2b4296..7d7d3383 100644 --- a/php/tests/package-lock.json +++ b/php/tests/package-lock.json @@ -7,20 +7,19 @@ "": { "name": "e2e", "version": "1.0.0", - "license": "ISC", + "license": "AGPL-3.0-or-later", "devDependencies": { - "@playwright/test": "^1.51.1", - "@types/node": "^22.13.10" + "@playwright/test": "^1.56.1" } }, "node_modules/@playwright/test": { - "version": "1.51.1", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz", - "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==", + "version": "1.56.1", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.56.1.tgz", + "integrity": "sha512-vSMYtL/zOcFpvJCW71Q/OEGQb7KYBPAdKh35WNSkaZA75JlAO8ED8UN6GUNTm3drWomcbcqRPFqQbLae8yBTdg==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright": "1.51.1" + "playwright": "1.56.1" }, "bin": { "playwright": "cli.js" @@ -29,16 +28,6 @@ "node": ">=18" } }, - "node_modules/@types/node": { - "version": "22.13.10", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz", - "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==", - "dev": true, - "license": "MIT", - "dependencies": { - "undici-types": "~6.20.0" - } - }, "node_modules/fsevents": { "version": "2.3.2", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", @@ -55,13 +44,13 @@ } }, "node_modules/playwright": { - "version": "1.51.1", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz", - "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==", + "version": "1.56.1", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.56.1.tgz", + "integrity": "sha512-aFi5B0WovBHTEvpM3DzXTUaeN6eN0qWnTkKx4NQaH4Wvcmc153PdaY2UBdSYKaGYw+UyWXSVyxDUg5DoPEttjw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "playwright-core": "1.51.1" + "playwright-core": "1.56.1" }, "bin": { "playwright": "cli.js" @@ -74,9 +63,9 @@ } }, "node_modules/playwright-core": { - "version": "1.51.1", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz", - "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==", + "version": "1.56.1", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.56.1.tgz", + "integrity": "sha512-hutraynyn31F+Bifme+Ps9Vq59hKuUCz7H1kDOcBs+2oGguKkWTU50bBWrtz34OUWmIwpBTWDxaRPXrIXkgvmQ==", "dev": true, "license": "Apache-2.0", "bin": { @@ -85,13 +74,6 @@ "engines": { "node": ">=18" } - }, - "node_modules/undici-types": { - "version": "6.20.0", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz", - "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==", - "dev": true, - "license": "MIT" } } } diff --git a/php/tests/package.json b/php/tests/package.json index ebfa99ec..95aae5a8 100644 --- a/php/tests/package.json +++ b/php/tests/package.json @@ -3,6 +3,6 @@ "version": "1.0.0", "license": "AGPL-3.0-or-later", "devDependencies": { - "@playwright/test": "^1.51.1" + "@playwright/test": "^1.56.1" } } From c4245657e12f2c74d971584af8245e1dc2f41c47 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 21 Oct 2025 11:52:01 +0200 Subject: [PATCH 0644/1064] fix typo Signed-off-by: Simon L. --- community-containers/calcardbackup/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/calcardbackup/readme.md b/community-containers/calcardbackup/readme.md index 0bb04a3b..42a218b4 100644 --- a/community-containers/calcardbackup/readme.md +++ b/community-containers/calcardbackup/readme.md @@ -2,7 +2,7 @@ This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file. ### Notes -- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO. +- Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO. - All the exports will be included in AIOs backup solution - You can find the exports in the nextcloud_aio_calcardbackup volume - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack From 1fbe2575d4ba30ba482f5866d67174599aefd02d Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 21 Oct 2025 12:03:53 +0000 Subject: [PATCH 0645/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 4809bae8..355c5788 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4724,28 +4724,28 @@ }, { "name": "webmozart/assert", - "version": "1.11.0", + "version": "1.12.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991" + "reference": "541057574806f942c94662b817a50f63f7345360" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/11cb2199493b2f8a3b53e7f19068fc6aac760991", - "reference": "11cb2199493b2f8a3b53e7f19068fc6aac760991", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360", + "reference": "541057574806f942c94662b817a50f63f7345360", "shasum": "" }, "require": { "ext-ctype": "*", + "ext-date": "*", + "ext-filter": "*", "php": "^7.2 || ^8.0" }, - "conflict": { - "phpstan/phpstan": "<0.12.20", - "vimeo/psalm": "<4.6.1 || 4.6.2" - }, - "require-dev": { - "phpunit/phpunit": "^8.5.13" + "suggest": { + "ext-intl": "", + "ext-simplexml": "", + "ext-spl": "" }, "type": "library", "extra": { @@ -4776,9 +4776,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/1.11.0" + "source": "https://github.com/webmozarts/assert/tree/1.12.0" }, - "time": "2022-06-03T18:03:27+00:00" + "time": "2025-10-20T12:43:39+00:00" } ], "aliases": [], From 6a54eb5a4403f62bb9127065e757a9cfa18d2d8c Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 21 Oct 2025 12:05:17 +0000 Subject: [PATCH 0646/1064] talk-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 37ece0f4..888d3a38 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -4,7 +4,7 @@ FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.2 AS janus -ARG JANUS_VERSION=v1.3.2 +ARG JANUS_VERSION=v1.3.3 WORKDIR /src RUN set -ex; \ apk upgrade --no-cache -a; \ From 330ca71de26223e7199055420e48b5aa433dcbd1 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 22 Oct 2025 12:03:39 +0000 Subject: [PATCH 0647/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 355c5788..09f93f25 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3338,16 +3338,16 @@ }, { "name": "nikic/php-parser", - "version": "v5.6.1", + "version": "v5.6.2", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2" + "reference": "3a454ca033b9e06b63282ce19562e892747449bb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2", - "reference": "f103601b29efebd7ff4a1ca7b3eeea9e3336a2a2", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb", + "reference": "3a454ca033b9e06b63282ce19562e892747449bb", "shasum": "" }, "require": { @@ -3390,9 +3390,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.1" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2" }, - "time": "2025-08-13T20:13:15+00:00" + "time": "2025-10-21T19:32:17+00:00" }, { "name": "phpdocumentor/reflection-common", From fb1ca10ab45ef58ff1a44defe4aabb125ce5095b Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 22 Oct 2025 12:29:55 -0400 Subject: [PATCH 0648/1064] docs: Revise reverse proxy docs (first pass) Updated the reverse proxy documentation for Nextcloud AIO, enhancing clarity and structure. Re-organized top section(s). Added sections to provide context on integrated versus external reverse proxies versus secure tunnels/proxy platforms. De-duplicated some content. Signed-off-by: Josh --- reverse-proxy.md | 210 ++++++++++++++++++++++++++++------------------- 1 file changed, 127 insertions(+), 83 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 4d6cc2fa..953f1fd0 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1,67 +1,71 @@ -# Reverse Proxy Documentation - -> [!NOTE] -> Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO. - -> [!TIP] -> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575). +# Using a reverse proxy or secure tunnel to access Nextcloud AIO ## Introduction -In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to: -1. add a specific config to your web server or reverse proxy. [See the documentation below.](#1-configure-the-reverse-proxy) -2. specify the port that AIO's integrated Apache container shall use via the environmental variable `APACHE_PORT` (that runs inside its own container and published this port on the host) and adjust the `docker run` command of AIO. [See the documentation below.](#2-use-this-startup-command). -3. Open the AIO interface at port `8080` and type in and validate your domain. [See the documentation below.](#4-open-the-aio-interface) -Here one example with all reverse proxy settings for Linux: -``` -sudo docker run \ ---init \ ---sig-proxy=false \ ---name nextcloud-aio-mastercontainer \ ---restart always \ ---publish 8080:8080 \ ---env APACHE_PORT=11000 \ ---env APACHE_IP_BINDING=0.0.0.0 \ ---env APACHE_ADDITIONAL_NETWORK="" \ ---env SKIP_DOMAIN_VALIDATION=false \ ---volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ ---volume /var/run/docker.sock:/var/run/docker.sock:ro \ -ghcr.io/nextcloud-releases/all-in-one:latest -``` +This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers: -
    +- Integrated: AIO's internal reverse proxy +- External: an external reverse proxy such as Caddy or Nginx +- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel -Explanation of the command - -- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme). -- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init). -- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container. -- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail. -- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/ -- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080). -- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at. -- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container) -- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below) -- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things). -- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. -- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. -- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. -- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml - -
    - -> [!Note] -> If you run into troubles, see [the debug section](#7-how-to-debug-things). - ---- - -> [!IMPORTANT] -> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. +> [!TIP] +> If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case. > [!NOTE] -> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail! +> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md). -## Content +### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support + +Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS. + +Requirements: +- A public IP address (it does **not** need to be a dedicated public IP). +- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort] + +**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**. + +### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*) + +A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname. + +Most notably, an external reverse proxy allows you to: +- share one external IP address among multiple hostnames/web applications, and +- use a different internal port than the externally used port. + +Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx). + +> [!TIP] +> Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO. + +> [!NOTE] +> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared] + +### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*) + +Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with: + +- Cloudflare Tunnel / Cloudflare Proxy +- Tailscale Serve / Tailscale Funnel + +> [!TIP] +> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud. + +## Deployment + +### Quick overview + +To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to: + +1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below. +2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below. +3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below. + +Don't worry if these steps are not clear yet — each is expanded on in the sections below. + +> [!TIP] +> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575). + +### Getting Started The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4: 1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)** @@ -72,9 +76,19 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1 1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface) 1. Optional: how to debug things? See [point 7](#7-how-to-debug-things) -## 1. Configure the reverse proxy +> [!Note] +> If you run into troubles, see [the debug section](#7-how-to-debug-things). + +> [!IMPORTANT] +> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. + +> [!NOTE] +> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail! + +### 1. Configure the reverse proxy + +#### Adapting the sample web server configurations below -### Adapting the sample web server configurations below 1. Replace `` with the domain on which you want to run Nextcloud. 1. Adjust the port `11000` to match your chosen `APACHE_PORT`. 1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options. @@ -108,7 +122,7 @@ The process to run Nextcloud behind a reverse proxy consists of at least steps 1
    -### Apache +##### Apache
    @@ -188,7 +202,7 @@ To make the config work you can run the following command:
    -### Caddy (recommended) +##### Caddy (recommended)
    @@ -211,7 +225,7 @@ The Caddyfile is a text file called `Caddyfile` (no extension) which – if you
    -### Caddy with ACME DNS-challenge +##### Caddy with ACME DNS-challenge
    @@ -239,7 +253,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
    -### OpenLiteSpeed +##### OpenLiteSpeed
    @@ -249,7 +263,7 @@ You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https:/
    -### Citrix ADC VPX / Citrix Netscaler +##### Citrix ADC VPX / Citrix Netscaler
    @@ -259,7 +273,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
    -### Cloudflare Tunnel +##### Cloudflare Tunnel
    @@ -278,7 +292,7 @@ Although it does not seem like it is the case but from AIO perspective a Cloudfl
    -### HaProxy +##### HAProxy
    @@ -375,7 +389,7 @@ backend Nextcloud
    -### Nginx, Freenginx, Openresty, Angie +##### Nginx, Freenginx, Openresty, Angie
    @@ -474,7 +488,7 @@ server {
    -### NPMplus (Fork of Nginx-Proxy-Manager - NPM) +##### NPMplus (Fork of Nginx-Proxy-Manager - NPM)
    @@ -505,7 +519,7 @@ Second, see these screenshots for a working config:
    -### Nginx-Proxy-Manager - NPM +##### Nginx-Proxy-Manager - NPM
    @@ -538,7 +552,7 @@ Also change `@` to a mail address of yours.
    -### Nginx-Proxy +##### Nginx-Proxy
    @@ -554,7 +568,7 @@ Apart from that, there is a [manual-install](https://github.com/nextcloud/all-in
    -### Node.js with Express +##### Node.js with Express
    @@ -641,7 +655,7 @@ httpServer.on('upgrade', (req, socket, head) => {
    -### Synology Reverse Proxy +##### Synology Reverse Proxy
    @@ -659,7 +673,7 @@ See these screenshots for a working config:
    -### Traefik 2 +##### Traefik 2
    @@ -751,7 +765,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
    -### Traefik 3 +##### Traefik 3
    @@ -837,7 +851,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
    -### IIS with ARR and URL Rewrite +##### IIS with ARR and URL Rewrite
    @@ -907,7 +921,7 @@ Add the following `web.config` file to the root of the site you created as the r
    -### Tailscale +##### Tailscale
    @@ -918,7 +932,7 @@ For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333]
    -### Others +##### Others
    @@ -928,7 +942,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
    -## 2. Use this startup command +### 2. Use this startup command After adjusting your reverse proxy config, use the following command to start AIO:
    @@ -951,6 +965,27 @@ sudo docker run \ ghcr.io/nextcloud-releases/all-in-one:latest ``` +
    + +Explanation of the command + +- `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ in the normal readme). +- `--init` This option makes sure that no zombie-processes are created, ever. See [the Docker documentation](https://docs.docker.com/reference/cli/docker/container/run/#init). +- `--sig-proxy=false` This option allows to exit the container shell that gets attached automatically when using `docker run` by using `[CTRL] + [C]` without shutting down the container. +- `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail. +- `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/ +- `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080). +- `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at. +- `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container) +- `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below) +- `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#7-how-to-debug-things). +- `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on. +- `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install. +- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used. +- Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml + +
    + Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it. You should also think about limiting the Apache container to listen only on localhost in case the reverse proxy is running on the same host and in the host network, by providing an additional environmental variable to this docker run command. See [point 3](#3-limit-the-access-to-the-apache-container). @@ -989,17 +1024,17 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588 -## 3. Limit the access to the Apache container +### 3. Limit the access to the Apache container Use this environment variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `--env APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address instead of localhost, you should set it to `0.0.0.0`. -## 4. Open the AIO interface +### 4. Open the AIO interface After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080` and type in and validate the domain that you have configured.
    ⚠️ **Important:** do always use an ip-address if you access this port and not a domain as HSTS might block access to it later! (It is also expected that this port uses a self-signed certificate due to security concerns which you need to accept in your browser)
    Enter your domain in the AIO interface that you've used in the reverse proxy config and you should be done. Please do not forget to open/forward port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container! -## 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1 +### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1* you must make the following configuration changes *: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1` @@ -1011,7 +1046,7 @@ Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this: sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value=ip.address.of.proxy ``` -### Collabora WOPI allow list +#### Collabora WOPI allow list If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain* and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`. *: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.) @@ -1037,7 +1072,8 @@ https://:8443 { Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://:443` instead of `https://:8443` in the Caddyfile and use that to access the AIO interface. -## 7. How to debug things? +### 7. How to debug things? + @@ -1057,7 +1093,8 @@ If something does not work, follow the steps below: 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance. 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything! -## 8. Removing the reverse proxy +### 8. Removing the reverse proxy + If you, at some point, want to remove the reverse proxy, here are some general steps: 1. Stop all running containers in the AIO Interface. 2. Stop and remove the mastercontainer. @@ -1075,3 +1112,10 @@ If you, at some point, want to remove the reverse proxy, here are some general s *The first command ensures that the Apache container is listening on all available network interfaces and the second command configures it to listen to port 443.* 5. Restart all other containers in the AIO interface. + +--- + +## Footnotes: + +[^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services). +[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others. Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing. From 3a7d77a7660d4157e0166cc07eadbcaea9f7a792 Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 22 Oct 2025 12:36:09 -0400 Subject: [PATCH 0649/1064] fix: make headers consistent Signed-off-by: Josh --- reverse-proxy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 953f1fd0..80aa7e10 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1039,7 +1039,7 @@ If your reverse proxy connects to nextcloud using an ip-address and not localhos *: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1` -### Nextcloud trusted proxies +#### Nextcloud trusted proxies Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this: ``` @@ -1051,11 +1051,11 @@ If your reverse proxy connects to Nextcloud with an IP address that is different *: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.) -### External reverse proxies connecting via VPN (e.g. Tailscale) +#### External reverse proxies connecting via VPN (e.g. Tailscale) If your reverse proxy is outside your LAN and connecting via VPN such as Tailscale, you may want to set `APACHE_IP_BINDING=AIO.VPN.host.IP` to ensure only traffic coming from the VPN can connect. -## 6. Optional: get a valid certificate for the AIO interface +### 6. Optional: get a valid certificate for the AIO interface If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile: From d107cccb92428d018c88835078abcc9979fab2aa Mon Sep 17 00:00:00 2001 From: Josh Date: Wed, 22 Oct 2025 13:39:55 -0400 Subject: [PATCH 0650/1064] chore: fix typo Signed-off-by: Josh --- reverse-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 80aa7e10..8cf0bb74 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1118,4 +1118,4 @@ If you, at some point, want to remove the reverse proxy, here are some general s ## Footnotes: [^talkPort]: Ports 3478/TCP and 3478/UDP are also required if using Nextcloud Talk (but they're less likely to conflict with existing services). -[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others. Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily faciliates port IP address and external port sharing. +[^shared]: Other Nextcloud Server deployment methods (but not AIO) can be deployed behind shared hostnames and accessed via subfolder-based URLs. For example, this is supported with Bare Metal (Archive) and the micro-services Docker image, among others. Note that pure subfolder deployments are less and less required these days, with the broad support for virtual host based access (including at the reverse proxy level), which easily facilitates port IP address and external port sharing. From c53308ab3286664e44f7fa0db12f5a9c48fc6c3c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 23 Oct 2025 13:56:56 +0200 Subject: [PATCH 0651/1064] update `nextcloud-aio-minio` to `v2` Signed-off-by: Simon L. --- community-containers/minio/minio.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/minio/minio.json b/community-containers/minio/minio.json index 2403f213..50613202 100644 --- a/community-containers/minio/minio.json +++ b/community-containers/minio/minio.json @@ -2,7 +2,7 @@ "aio_services_v1": [ { "container_name": "nextcloud-aio-minio", - "image_tag": "v1", + "image_tag": "v2", "display_name": "Minio S3 Storage", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/minio", "image": "ghcr.io/szaimen/aio-minio", From 1968cd3b362aaf267c137f28e59bda4e9a40f242 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Oct 2025 04:19:59 +0000 Subject: [PATCH 0652/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.5 to 8.19.6. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 980fe275..a50aee53 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.5 +FROM elasticsearch:8.19.6 USER root From 152f1e375b86fd04048f8919f1f51809e64467e1 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 24 Oct 2025 07:25:45 +0000 Subject: [PATCH 0653/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 4eae8029..a94e41e2 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.9 +ENV NEXTCLOUD_VERSION=31.0.10 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 8fb2f84440867a8db5208ec25d66ee161cd30492 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 24 Oct 2025 09:29:30 +0200 Subject: [PATCH 0654/1064] increase to 11.11.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 8db6beb6..16a240dc 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v11.10.0

    +

    Nextcloud AIO v11.11.0

    {# Add 2nd tab warning #} From fc9265653ee1e9c6faf86e52b153443dfdae839e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 24 Oct 2025 09:48:00 +0200 Subject: [PATCH 0655/1064] nextcloud: download nextcloud archive file from github instead of download.nextcloud.com Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index a94e41e2..c5ab4985 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -156,7 +156,7 @@ RUN set -ex; \ ; \ \ curl -fsSL -o nextcloud.tar.bz2 \ - "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ + "https://github.com/nextcloud-releases/server/releases/download/v${NEXTCLOUD_VERSION}/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \ curl -fsSL -o nextcloud.tar.bz2.asc \ "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ From 5568c78293cdec239a560a7060aed34af5e66ecd Mon Sep 17 00:00:00 2001 From: masterwoot Date: Fri, 24 Oct 2025 09:59:57 +0200 Subject: [PATCH 0656/1064] Update backupscript.sh Typo in string messages, changing from "Nextclouds data directory.." to "Nextcloud's data directory.." as it's in the possessive form. Signed-off-by: masterwoot --- Containers/borgbackup/backupscript.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index 602ec586..41c05724 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -199,7 +199,7 @@ if [ "$BORG_MODE" = backup ]; then if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup" ]; then BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/") BORG_INCLUDE+=(--pattern="+/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.noaiobackup") - echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from backup!" + echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from backup!" # Exclude preview folder if .noaiobackup file was found elif [ -f /nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/.noaiobackup ]; then BORG_EXCLUDE+=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/") @@ -344,7 +344,7 @@ if [ "$BORG_MODE" = restore ]; then ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/**") ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/**") ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data\(/.*\)?') - echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextclouds data directory. Excluding the data directory from restore!" + echo "⚠️⚠️⚠️ '.noaiobackup' file was found in Nextcloud's data directory. Excluding the data directory from restore!" echo "You might run into problems due to this afterwards as potentially this makes the directory go out of sync with the database." echo "You might be able to fix this by running 'occ files:scan --all' and 'occ maintenance:repair' and 'occ files:scan-app-data' after the restore." echo "See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands" From bf42de65dacf05471305776aa41f24e9582f0077 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 04:21:21 +0000 Subject: [PATCH 0657/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.13-fpm-alpine3.22 to 8.4.14-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.14-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c1cbaa59..20f22421 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:28.5.1-cli AS docker FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile -FROM php:8.4.13-fpm-alpine3.22 +FROM php:8.4.14-fpm-alpine3.22 EXPOSE 80 EXPOSE 8080 From 19d5ad2a794503ed1b3992ed05991667b4a61327 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 04:21:59 +0000 Subject: [PATCH 0658/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.6-alpine to 3.2.7-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.7-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 72034cec..ad128d54 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.6-alpine +FROM haproxy:3.2.7-alpine # hadolint ignore=DL3002 USER root From 2598f1b983b883d45224c71f2a673f1cb310c040 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 04:22:17 +0000 Subject: [PATCH 0659/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.26-fpm-alpine3.22 to 8.3.27-fpm-alpine3.22. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.27-fpm-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index c5ab4985..0250f067 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.26-fpm-alpine3.22 +FROM php:8.3.27-fpm-alpine3.22 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From b7c6ab018de93f361a9e38f70392f9e5b6b0d3da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 04:22:30 +0000 Subject: [PATCH 0660/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.3.0 to v1.4.0. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.4.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index e60bb815..f90dfdee 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.3.0 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0 USER root RUN set -ex; \ From 68f7958c1253a522b5f80cdfdc730b0fd5406f5e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 27 Oct 2025 11:37:12 +0100 Subject: [PATCH 0661/1064] update detail Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/readme.md b/nextcloud-aio-helm-chart/readme.md index edf6c779..cb31e601 100755 --- a/nextcloud-aio-helm-chart/readme.md +++ b/nextcloud-aio-helm-chart/readme.md @@ -1,7 +1,7 @@ # Nextcloud AIO Helm-chart > [!NOTE] -> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/). +> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman and OpenShift), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/). > [!IMPORTANT] > This Helm-Chart is not intended to be used with Ingress as it handles TLS itself via the built-in apache container and exposes a Loadbalancer port itself on the Cluster. See the [apache service](https://github.com/nextcloud/all-in-one/blob/main/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml). However if the Cluster is used behind NAT, you can adjust `APACHE_PORT` to a different one than 443 and do the TLS offloading on an external Reverse Proxy that forwards the traffic to the configured port via http. If you really need the Ingress feature, please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/) as we offer an enterprise-ready and scalable deployment method based on Helm Charts that also allows Ingress to be used. From 8a3befadddb10a272a2970093d05db8e951720e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 14:04:50 +0000 Subject: [PATCH 0662/1064] build(deps): bump actions/upload-artifact in /.github/workflows Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/playwright.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 9de89243..8c7b0a93 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -82,7 +82,7 @@ jobs: exit 1 fi - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v5 if: ${{ !cancelled() }} with: name: playwright-report From 6c3f2e41ff4b2673ba464e1d84daedade1750879 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 27 Oct 2025 18:23:21 +0100 Subject: [PATCH 0663/1064] add DeepWiki badge to auto-refresh the wiki Signed-off-by: Simon L. --- readme.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/readme.md b/readme.md index 9dfc2e77..80f8808c 100644 --- a/readme.md +++ b/readme.md @@ -1143,3 +1143,11 @@ AIO ships its own update notifications implementation. It checks if container up ### Huge docker logs If you should run into issues with huge docker logs, you can adjust the log size by following https://docs.docker.com/config/containers/logging/local/#usage. However for the included AIO containers, this should usually not be needed because almost all of them have the log level set to warn so they should not produce many logs. + +
    + +Badges + +[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/nextcloud/all-in-one) + +
    From 68edc82bf4ac950f4c51cfff3dd00508a582ba45 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 29 Oct 2025 13:30:43 +0100 Subject: [PATCH 0664/1064] watchtower: revert to building watchtower manually Signed-off-by: Simon L. --- .github/workflows/watchtower-update.yml | 36 +++++++++++++++++++++++++ Containers/watchtower/Dockerfile | 12 +++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/watchtower-update.yml diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml new file mode 100644 index 00000000..329cd284 --- /dev/null +++ b/.github/workflows/watchtower-update.yml @@ -0,0 +1,36 @@ +name: watchtower-update + +on: + workflow_dispatch: + schedule: + - cron: '00 12 * * *' + +jobs: + watchtower-update: + name: update watchtower + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + - name: Run watchtower-container-update + run: | + # Watchtower + watchtower_version="$( + git ls-remote https://github.com/nicholas-fedor/watchtower v* \ + | cut -d/ -f3 \ + | sort -V \ + | grep -E "^v[0-9\.]+$" \ + | tail -1 + )" + watchtower_commit_hash="$(git ls-remote https://github.com/nicholas-fedor/watchtower $watchtower_version | sed 's/refs.*//')" + sed -i "s|^ENV WATCHTOWER_COMMIT_HASH.*$|ENV WATCHTOWER_COMMIT_HASH=$watchtower_commit_hash # $watchtower_version|" ./Containers/watchtower/Dockerfile + + - name: Create Pull Request + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7 + with: + commit-message: watchtower-update automated change + signoff: true + title: watchtower container update + body: Automated watchtower container update + labels: dependencies, 3. to review + milestone: next + branch: watchtower-container-update diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index c2b38b18..e3858248 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,13 @@ # syntax=docker/dockerfile:latest -FROM ghcr.io/nicholas-fedor/watchtower:1.12.1 AS watchtower +FROM golang:1.25.3-alpine3.22 AS go + +ENV WATCHTOWER_COMMIT_HASH=v1.12.1 + +RUN set -ex; \ + apk upgrade --no-cache -a; \ + apk add --no-cache \ + build-base; \ + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH; FROM alpine:3.22.2 @@ -7,7 +15,7 @@ RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash ca-certificates tzdata -COPY --from=watchtower /watchtower /watchtower +COPY --from=go /go/bin/watchtower /watchtower COPY --chmod=775 start.sh /start.sh From e2614defe02501dffb0a13aac067c7beba16b663 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 29 Oct 2025 14:54:36 +0100 Subject: [PATCH 0665/1064] helm: adjust externalTrafficPolicy to Local only for apache container Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 80882854..9c249cb1 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -252,7 +252,7 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol: # shellcheck disable=SC1083 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \; # shellcheck disable=SC1083 -find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \; +find ./ -name '*apache-service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \; # shellcheck disable=SC1083 find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \; # shellcheck disable=SC1083 From 5289da58d6ac876321dc5af032ee7efc8c0887ed Mon Sep 17 00:00:00 2001 From: Josh Date: Thu, 30 Oct 2025 14:34:46 -0400 Subject: [PATCH 0666/1064] docs: further enhance reverse proxy / secure tunnel docs Further updated the guide to clarify the use of reverse proxies and secure tunnels with Nextcloud AIO. Signed-off-by: Josh --- reverse-proxy.md | 159 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 115 insertions(+), 44 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 8cf0bb74..b1eb353c 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -2,88 +2,150 @@ ## Introduction -This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunnel/proxying platform. It covers: +This guide explains how to connect to Nextcloud AIO securely via HTTPS (TLS) using a reverse proxy or a secure tunneling platform. It covers several potential scenarios: -- Integrated: AIO's internal reverse proxy -- External: an external reverse proxy such as Caddy or Nginx -- Secure tunnel: a Zero Trust Network Access platform such as Tailscale or Cloudflare Tunnel +- **Integrated**: AIO's built-in reverse proxy with automatic HTTPS +- **External**: An external reverse proxy (such as Caddy or Nginx or Cloudflare Proxy) +- **Secure tunnel**: Tunneling services for private network access or public access without port forwarding (such as Tailscale Serve or Cloudflare Tunnel) + +## Choosing Your Approach > [!TIP] > If AIO's internal reverse proxy meets your needs, you may not need to set up your own reverse proxy. See the next section to assess whether this is the case. > [!NOTE] -> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md). +> If your goal is to use AIO purely locally, refer to the [Local instance documentation](https://github.com/nextcloud/all-in-one/blob/main/local-instance.md). Local instance setups don't require domain validation. + +### When to use each approach + +| Approach | Best for | Requirements | Inbound Ports Required | +|----------|----------|--------------|---------------| +| **Integrated** | Simple setups, single service on port 443 | Public IP, dedicated port 443 | Yes (443) | +| **External Reverse Proxy** (including Cloudflare Proxy) | Multiple services, existing web server, or users wanting DDoS protection | Existing reverse proxy, willingness to set one up, or Cloudflare account | Yes (443) | +| **Cloudflare Tunnel** | No port forwarding possible/desired, public access | Cloudflare account | No | +| **Tailscale Serve** | Private access (tailnet only) | Tailscale account | No | +| **Tailscale Funnel** | Public access via Tailscale | Tailscale account | No | + +## Implementation Details ### Integrated: Using AIO's internal reverse proxy with built-in HTTPS support Nextcloud AIO is secured with TLS (HTTPS) out of the box via its internal reverse proxy. The integrated HTTPS support works well if your goal is to make AIO accessible from the public Internet and to ensure all traffic is encrypted with HTTPS. Requirements: -- A public IP address (it does **not** need to be a dedicated public IP). -- Port `443/tcp` on that IP must be dedicated to AIO, and port 443 must be opened/forwarded on the internet-facing firewall/router to the AIO host.[^talkPort] +- A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers). +- Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort] -**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further — follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) instead.**. +**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).** -### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx*) +### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*) + +**When you use an external reverse proxy, you disable AIO's built-in HTTPS support** because your reverse proxy will handle HTTPS/TLS certificates and encryption instead. This approach is necessary when: +- Port 443 is already in use by another service +- You want to run multiple web services on the same IP address +- You already have an existing reverse proxy infrastructure A reverse proxy (or a web server acting as a reverse proxy) enables multiple web applications to share the same IP address and/or port (for example `443/tcp`) by directing traffic based on each application's hostname (often called "virtual hosts"). Incoming requests reach the reverse proxy and are then forwarded to the appropriate internal IP address, port, or container based on the requested hostname. +**Types of external reverse proxies:** +- **Self-hosted** (Caddy, Nginx, Apache, Traefik, HAProxy, etc.) - You manage the reverse proxy on your own server or separate server +- **Cloudflare Proxy** (orange-clouded DNS) - Cloudflare provides the reverse proxy at their edge network with DDoS protection and CDN benefits. This is distinct from Cloudflare Tunnel, though Tunnel can optionally use these proxy features when publishing routes. + Most notably, an external reverse proxy allows you to: - share one external IP address among multiple hostnames/web applications, and - use a different internal port than the externally used port. Using an existing external reverse proxy is required in particular if port `443/tcp` on your public IP is already in use by another web application or by an existing web server/reverse proxy (for example Caddy or Nginx). +> [!NOTE] +> Cloudflare **Tunnel** and Cloudflare **Proxy** are different approaches: +> - **Cloudflare Tunnel** doesn't require opening any inbound ports on your firewall. +> - **Cloudflare Proxy** still requires port 443 exposed on your server. + > [!TIP] > Examples of web servers or reverse proxies you might already be running include Apache, Caddy, Nginx, Traefik, and HAProxy — but only if they are bound to port `443/tcp` on the IP address you plan to associate with AIO. > [!NOTE] -> An external reverse proxy can also facilitate other routing approaches (for example shared-hostname / subfolder-based routing), but Nextcloud AIO only supports webroot-based (non-shared-hostname) access, so those scenarios are not applicable here.[^shared] +> An external reverse proxy can also facilitate other routing approaches, but Nextcloud AIO only supports having its own dedicated hostname (e.g., `cloud.example.com`). You cannot run it in a subfolder like `example.com/nextcloud/`.[^shared] -### Secure tunnel: Using AIO with a Zero Trust Network Access platform (*Tailscale, Cloudflare*) +### Secure tunnel: Using AIO with a secure tunneling service (*Tailscale, Cloudflare*) -Cloudflare and Tailscale provide Zero Trust Network Access services. For AIO we are primarily concerned with: +Cloudflare and Tailscale offer secure tunneling services that let you access your Nextcloud without opening ports on your firewall. -- Cloudflare Tunnel / Cloudflare Proxy -- Tailscale Serve / Tailscale Funnel +#### Private network access + +For Nextcloud AIO, you can use: +- **Cloudflare Tunnel (`cloudflared`)** - Secure outbound-only tunnels that don't require exposing ports +- **Tailscale Serve** - Expose services privately on your Tailscale network (tailnet only) + +Both options provide private network access to your Nextcloud AIO instance. + +#### Public Internet access (without port forwarding) + +To make your Nextcloud AIO instance accessible from the public Internet (not just your private network), you can use: +- **Cloudflare Tunnel** with public routes enabled (which combines Cloudflare Tunnel with Cloudflare's proxy features) +- **Tailscale Funnel** - Expose services to the public Internet via Tailscale's infrastructure + +**Comparison of Cloudflare and Tailscale options:** + +| Feature | Access Scope | Inbound Ports Required | Use Case | +|---------|--------------|----------------|----------| +| **Cloudflare Tunnel** | Public Internet | None | Public access without port forwarding | +| **Tailscale Serve** | Your Tailscale network only | None | Private access for you and invited users | +| **Tailscale Funnel** | Public Internet | None | Public access through Tailscale | > [!TIP] > Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud. +> +> **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet. +> +> **For public access without port forwarding**: Use [Tailscale Funnel](https://tailscale.com/kb/1223/funnel). -## Deployment +## Configuration and Deployment + +> [!NOTE] +> These instructions assume you already have a domain name pointing to your server's public IP address. If you don't have a domain yet, see the recommendations below. ### Quick overview -To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), you need to: +To run Nextcloud AIO behind an external reverse proxy or secure tunneling/proxying service (instead of using AIO's integrated reverse proxy), the basic process is: -1. Add a specific configuration to your web server or reverse proxy. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below. -2. Specify the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`. The Apache container runs in its own container and publishes that port on the host — update the `docker run` command (or your Compose file) accordingly. See ["Use this startup command"](#2-use-this-startup-command) below. -3. Open the AIO interface at port `8080` and enter and validate your domain. See ["Open the AIO interface"](#4-open-the-aio-interface) below. +1. Configure your web server or reverse proxy with the specific settings for AIO. +2. Specify the port that AIO's integrated Apache container will use. +3. Open the AIO interface and validate your domain. -Don't worry if these steps are not clear yet — each is expanded on in the sections below. +The sections below provide detailed instructions for each step. > [!TIP] -> If you don't have a domain yet, we recommend [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575). +> If you don't have a domain yet, we recommend using [an approach using Tailscale](https://github.com/nextcloud/all-in-one/discussions/6817). If you don't have an external reverse proxy yet, we recommend [Caddy](https://github.com/nextcloud/all-in-one/discussions/575). -### Getting Started +### Step-by-Step Instructions -The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4: -1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)** -1. **Use this startup command! See [point 2](#2-use-this-startup-command)** -1. Optional: if the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container) -1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)** -1. Optional: if the reverse proxy is outside the host network, configure AIO to trust it. See [point 5](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001) -1. Optional: get a valid certificate for the AIO interface! See [point 6](#6-optional-get-a-valid-certificate-for-the-aio-interface) -1. Optional: how to debug things? See [point 7](#7-how-to-debug-things) +The process to run Nextcloud AIO behind a reverse proxy has three required steps and three optional steps: -> [!Note] +**Required steps:** +1. **Configure** your web server or reverse proxy with the specific settings for AIO. See ["Configuring your reverse proxy"](#1-configure-the-reverse-proxy) below. +2. **Specify** the port that AIO's integrated Apache container will use via the environment variable `APACHE_PORT`, and update the `docker run` command or your Compose file accordingly. See ["Use this startup command"](#2-use-this-startup-command) below. + - *Optional*: Limit the access to the Apache container. See ["Limit the access to the Apache container"](#3-limit-the-access-to-the-apache-container). +3. **Open** the AIO interface at port `8080`, enter your domain, and validate it. See ["Open the AIO interface"](#4-open-the-aio-interface) below. + +**Optional steps:** + +4. Configure additional settings if your reverse proxy uses an IP address to connect to AIO. See ["Configure AIO for IP-based reverse proxies"](#5-optional-configure-aio-for-reverse-proxies-that-connect-to-nextcloud-using-an-ip-address-and-not-localhost-nor-127001). +5. Get a valid certificate for the AIO interface. See ["Get a valid certificate for the AIO interface"](#6-optional-get-a-valid-certificate-for-the-aio-interface). +6. Debug things if needed. See ["How to debug things"](#7-how-to-debug-things). + +> [!NOTE] > If you run into troubles, see [the debug section](#7-how-to-debug-things). > [!IMPORTANT] -> If you need HTTPS between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of HTTPS proxying (most likely via self-signed certificates). Another option would be to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection. +> If you need HTTPS between Nextcloud and the reverse proxy (because the reverse proxy runs on a different server), you have two options: +> +> 1. **Add a local reverse proxy**: Install another reverse proxy on the same server as AIO to handle HTTPS (typically with self-signed certificates) +> 2. **Use a VPN**: Create a VPN tunnel between the AIO server and the reverse proxy server to encrypt the connection > [!NOTE] -> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail! +> Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom Docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because it will fail! ### 1. Configure the reverse proxy @@ -673,6 +735,26 @@ See these screenshots for a working config:
    +##### Tailscale (Serve) + +
    + +Click here to expand + +Tailscale can be used to provide private access to your Nextcloud AIO instance without opening ports on your firewall. With **Tailscale Serve**, your Nextcloud is accessible only to devices on your Tailscale network (tailnet) via a secure HTTPS domain. + +For a detailed setup guide using Tailscale Serve with Nextcloud AIO, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 + +The guide covers: +- Setting up system-wide (non-containerized) Tailscale as a reverse proxy +- Configuring Nextcloud AIO to work with Tailscale Serve +- Using Tailscale's MagicDNS to provide automatic HTTPS certificates +- Private access via your tailnet (e.g., `yourserver.tail0a12b3.ts.net`) + +⚠️ **Please note:** This guide covers **Tailscale Serve** for private tailnet access. If you need public Internet access, consider using **Tailscale Funnel**. + +
    + ##### Traefik 2
    @@ -921,17 +1003,6 @@ Add the following `web.config` file to the root of the site you created as the r
    -##### Tailscale - -
    - -click here to expand - -For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 - -
    - - ##### Others
    From 727d0d03db4d59fe6425c01f812c2f9a4af65dc6 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 31 Oct 2025 12:03:38 +0000 Subject: [PATCH 0667/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 48 +++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 09f93f25..93aeefab 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1646,16 +1646,16 @@ }, { "name": "twig/twig", - "version": "v3.21.1", + "version": "v3.22.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d" + "reference": "4509984193026de413baf4ba80f68590a7f2c51d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d", - "reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d", + "reference": "4509984193026de413baf4ba80f68590a7f2c51d", "shasum": "" }, "require": { @@ -1709,7 +1709,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.21.1" + "source": "https://github.com/twigphp/Twig/tree/v3.22.0" }, "funding": [ { @@ -1721,7 +1721,7 @@ "type": "tidelift" } ], - "time": "2025-05-03T07:21:55+00:00" + "time": "2025-10-29T15:56:47+00:00" } ], "packages-dev": [ @@ -3883,16 +3883,16 @@ }, { "name": "symfony/console", - "version": "v6.4.26", + "version": "v6.4.27", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f" + "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f", - "reference": "492de6dfd93910d7d7a729c5a04ddcd2b9e99c4f", + "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc", + "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc", "shasum": "" }, "require": { @@ -3957,7 +3957,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.26" + "source": "https://github.com/symfony/console/tree/v6.4.27" }, "funding": [ { @@ -3977,7 +3977,7 @@ "type": "tidelift" } ], - "time": "2025-09-26T12:13:46+00:00" + "time": "2025-10-06T10:25:16+00:00" }, { "name": "symfony/filesystem", @@ -4051,16 +4051,16 @@ }, { "name": "symfony/finder", - "version": "v6.4.24", + "version": "v6.4.27", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "73089124388c8510efb8d2d1689285d285937b08" + "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/73089124388c8510efb8d2d1689285d285937b08", - "reference": "73089124388c8510efb8d2d1689285d285937b08", + "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b", + "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b", "shasum": "" }, "require": { @@ -4095,7 +4095,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.24" + "source": "https://github.com/symfony/finder/tree/v6.4.27" }, "funding": [ { @@ -4115,7 +4115,7 @@ "type": "tidelift" } ], - "time": "2025-07-15T12:02:45+00:00" + "time": "2025-10-15T18:32:00+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -4724,16 +4724,16 @@ }, { "name": "webmozart/assert", - "version": "1.12.0", + "version": "1.12.1", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "541057574806f942c94662b817a50f63f7345360" + "reference": "9be6926d8b485f55b9229203f962b51ed377ba68" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/541057574806f942c94662b817a50f63f7345360", - "reference": "541057574806f942c94662b817a50f63f7345360", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68", + "reference": "9be6926d8b485f55b9229203f962b51ed377ba68", "shasum": "" }, "require": { @@ -4776,9 +4776,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/1.12.0" + "source": "https://github.com/webmozarts/assert/tree/1.12.1" }, - "time": "2025-10-20T12:43:39+00:00" + "time": "2025-10-29T15:56:20+00:00" } ], "aliases": [], From f88e4aef373c9a151a6181176a831c72a1c9faa7 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 31 Oct 2025 12:25:33 +0000 Subject: [PATCH 0668/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-service.yaml | 1 - .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 15 files changed, 19 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 6eb13d92..0b10dd4d 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.10.0 +version: 11.11.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 4196cb99..3388c1d7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 9f8dda8d..35b30e41 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 5db29234..449a24fc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -35,7 +35,7 @@ spec: value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 8466fe03..6f08b4a6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 5b9ef69f..49dc3d34 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 84ea42e6..4956ed71 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index c6559fbd..49f2bd53 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 command: - chmod - "777" @@ -188,7 +188,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index dac83c98..b93283e7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 98f75058..c30f6a0e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 61938748..2d5da82d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index aa078677..b6f2e489 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 27a50beb..e0902a0f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml index 675a2729..10d17177 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml @@ -12,7 +12,6 @@ metadata: spec: ipFamilyPolicy: PreferDualStack type: LoadBalancer - externalTrafficPolicy: Local ports: - name: "{{ .Values.TALK_PORT }}" port: {{ .Values.TALK_PORT }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 08d3fcca..28c05cab 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20251015_082711 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139 readinessProbe: exec: command: From 3475a7b5d3eca296046351b967c6ea0f0987c2e8 Mon Sep 17 00:00:00 2001 From: "Ruben D." Date: Fri, 24 Oct 2025 20:53:55 +0200 Subject: [PATCH 0669/1064] Change Milter OnInfected action to Reject Signed-off-by: Ruben D. --- Containers/clamav/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 81db262f..94d39b67 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -17,6 +17,7 @@ RUN set -ex; \ sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?MilterSocket inet:7357|MilterSocket inet:7357|g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?ClamdSocket unix:/run/clamav/clamd.sock|ClamdSocket unix:/tmp/clamd.sock|g" /etc/clamav/clamav-milter.conf; \ + sed -i "s|#\?OnInfected Quarantine|OnInfected Reject|g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?AddHeader Replace|AddHeader Add|g" /etc/clamav/clamav-milter.conf; \ sed -i "s|#\?Foreground yes|Foreground yes|g" /etc/clamav/clamav-milter.conf From f07b015a4170548d420b0903537f4ee72146bac7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 04:13:53 +0000 Subject: [PATCH 0670/1064] build(deps): bump redis in /Containers/redis Bumps redis from 7.2.11-alpine to 7.2.12-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 7.2.12-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 8cb0f973..a44295de 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.11-alpine +FROM redis:7.2.12-alpine COPY --chmod=775 start.sh /start.sh From 1f6c30b93aa830dd609116b566c71e60a5c57a22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Nov 2025 04:14:11 +0000 Subject: [PATCH 0671/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.4.0 to v1.4.1. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.4.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index f90dfdee..90aa72f2 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.0 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1 USER root RUN set -ex; \ From 74933c6b83f1231c6439d766347a947ca9c5b322 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 13:42:05 +0100 Subject: [PATCH 0672/1064] update redis to v8.x Signed-off-by: Simon L. --- Containers/redis/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index a44295de..7cc1ff84 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest -# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile -FROM redis:7.2.12-alpine +# From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile +FROM redis:8.2.3-alpine COPY --chmod=775 start.sh /start.sh From abf0bbc43157748c8372b37d3bff0f43cb213921 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 13:44:33 +0100 Subject: [PATCH 0673/1064] dependabot: update redis also to new minor versions Signed-off-by: Simon L. --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0caaabfb..f79c4ce2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -55,6 +55,6 @@ updates: - dependency-name: "postgres" update-types: ["version-update:semver-major"] - dependency-name: "redis" - update-types: ["version-update:semver-major", "version-update:semver-minor"] + update-types: ["version-update:semver-major"] - dependency-name: "elasticsearch" update-types: ["version-update:semver-major"] From 0ee5ec00366434b22269a13216da364b18430f07 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 13:48:39 +0100 Subject: [PATCH 0674/1064] docker-image-prune: only remove image with `label=org.label-schema.vendor=Nextcloud` Signed-off-by: Simon L. --- Containers/mastercontainer/cron.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/cron.sh b/Containers/mastercontainer/cron.sh index fc8c4081..5829d8da 100644 --- a/Containers/mastercontainer/cron.sh +++ b/Containers/mastercontainer/cron.sh @@ -60,7 +60,7 @@ while true; do fi # Remove dangling images - sudo -u www-data docker image prune --force + sudo -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force # Check for available free space sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php From f179e5adad0f66ebea3ec6eb5273507a8a21ceb1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 13:57:22 +0100 Subject: [PATCH 0675/1064] app: update min and max versions Signed-off-by: Simon L. --- app/appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/appinfo/info.xml b/app/appinfo/info.xml index 8b911c10..832d3ccd 100644 --- a/app/appinfo/info.xml +++ b/app/appinfo/info.xml @@ -13,7 +13,7 @@ monitoring https://github.com/nextcloud/all-in-one/issues - + From b10c9b74bf182448bdc0320c7036e77ec3d362b4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 14:00:16 +0100 Subject: [PATCH 0676/1064] nextcloud: update to `32.0.1` Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 35bf5b20..0617db93 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=31.0.10 +ENV NEXTCLOUD_VERSION=32.0.1 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From d17ed75d6246a1d25b15bf859babb5fc361a9498 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 4 Nov 2025 14:02:37 +0100 Subject: [PATCH 0677/1064] aio-interface: hide upgrade notice Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 16a240dc..12b4d81b 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -36,7 +36,7 @@ {% set isBackupOrRestoreRunning = false %} {% set isApacheStarting = false %} {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #} - {% set newMajorVersionString = '25 Autumn' %} + {% set newMajorVersionString = '' %} {% if is_backup_container_running == true %} {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %} From 21fbb58c96b4cbc8315bfc4af07645b0bfec02b5 Mon Sep 17 00:00:00 2001 From: Lorenzo Moscati Date: Sat, 23 Aug 2025 01:30:20 +0200 Subject: [PATCH 0678/1064] Rewrite all AIO interface paths to be relative Signed-off-by: Lorenzo Moscati --- php/public/base_path.js | 3 + php/public/index.php | 6 +- .../Controller/ConfigurationController.php | 2 +- php/src/Controller/DockerController.php | 19 +++-- php/src/Controller/LoginController.php | 12 +-- php/src/Middleware/AuthMiddleware.php | 10 ++- php/templates/already-installed.twig | 6 +- php/templates/components/container-state.twig | 6 +- php/templates/containers.twig | 83 ++++++++++--------- .../includes/community-containers.twig | 2 +- .../includes/optional-containers.twig | 10 +-- php/templates/layout.twig | 4 +- php/templates/login.twig | 6 +- php/templates/setup.twig | 6 +- 14 files changed, 96 insertions(+), 79 deletions(-) create mode 100644 php/public/base_path.js diff --git a/php/public/base_path.js b/php/public/base_path.js new file mode 100644 index 00000000..67c1a4a7 --- /dev/null +++ b/php/public/base_path.js @@ -0,0 +1,3 @@ +document.addEventListener("DOMContentLoaded", function(event) { + document.getElementById("base_path") && (document.getElementById("base_path").value = window.location.pathname.slice(0, -11)); +}); \ No newline at end of file diff --git a/php/public/index.php b/php/public/index.php index aac83826..d3fbbeb9 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -178,17 +178,17 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $ $setup = $container->get(\AIO\Data\Setup::class); if($setup->CanBeInstalled()) { return $response - ->withHeader('Location', '/setup') + ->withHeader('Location', 'setup') ->withStatus(302); } if($authManager->IsAuthenticated()) { return $response - ->withHeader('Location', '/containers') + ->withHeader('Location', 'containers') ->withStatus(302); } else { return $response - ->withHeader('Location', '/login') + ->withHeader('Location', 'login') ->withStatus(302); } }); diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index ed3be505..5727c364 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -161,7 +161,7 @@ readonly class ConfigurationController { $this->configurationManager->DeleteBorgBackupLocationVars(); } - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } catch (InvalidSettingConfigurationException $ex) { $response->getBody()->write($ex->getMessage()); return $response->withStatus(422); diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 678bbdc9..dd6b1076 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -85,7 +85,7 @@ readonly class DockerController { public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response { $forceStopNextcloud = true; $this->startBackup($forceStopNextcloud); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function startBackup(bool $forceStopNextcloud = false) : void { @@ -102,7 +102,7 @@ readonly class DockerController { public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response { $this->checkBackup(); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function checkBackup() : void { @@ -132,7 +132,7 @@ readonly class DockerController { $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response { @@ -148,7 +148,7 @@ readonly class DockerController { $config['backup-mode'] = 'check'; $this->configurationManager->WriteConfig($config); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { @@ -163,7 +163,7 @@ readonly class DockerController { $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function StartContainer(Request $request, Response $response, array $args) : Response @@ -171,6 +171,7 @@ readonly class DockerController { $uri = $request->getUri(); $host = $uri->getHost(); $port = $uri->getPort(); + $path = $request->getParsedBody()['base_path']; if ($port === 8000) { error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.'); $port = 443; @@ -184,7 +185,7 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL - $config['AIO_URL'] = $host . ':' . $port; + $config['AIO_URL'] = $host . ':' . $port . $path; // set wasStartButtonClicked $config['wasStartButtonClicked'] = 1; // set install_latest_major @@ -204,7 +205,7 @@ readonly class DockerController { // Temporarily disabled as it leads much faster to docker rate limits // apcu_clear_cache(); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function startTopContainer(bool $pullImage) : void { @@ -223,7 +224,7 @@ readonly class DockerController { public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response { $this->startWatchtower(); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function startWatchtower() : void { @@ -261,7 +262,7 @@ readonly class DockerController { $forceStopNextcloud = true; $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); - return $response->withStatus(201)->withHeader('Location', '/'); + return $response->withStatus(201)->withHeader('Location', '.'); } public function stopTopContainer() : void { diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php index 196e7138..233a795e 100644 --- a/php/src/Controller/LoginController.php +++ b/php/src/Controller/LoginController.php @@ -19,33 +19,33 @@ readonly class LoginController { public function TryLogin(Request $request, Response $response, array $args) : Response { if (!$this->dockerActionManager->isLoginAllowed()) { $response->getBody()->write("The login is blocked since Nextcloud is running."); - return $response->withHeader('Location', '/')->withStatus(422); + return $response->withHeader('Location', '.')->withStatus(422); } $password = $request->getParsedBody()['password'] ?? ''; if($this->authManager->CheckCredentials($password)) { $this->authManager->SetAuthState(true); - return $response->withHeader('Location', '/')->withStatus(201); + return $response->withHeader('Location', '.')->withStatus(201); } $response->getBody()->write("The password is incorrect."); - return $response->withHeader('Location', '/')->withStatus(422); + return $response->withHeader('Location', '.')->withStatus(422); } public function GetTryLogin(Request $request, Response $response, array $args) : Response { $token = $request->getQueryParams()['token'] ?? ''; if($this->authManager->CheckToken($token)) { $this->authManager->SetAuthState(true); - return $response->withHeader('Location', '/')->withStatus(302); + return $response->withHeader('Location', '../..')->withStatus(302); } - return $response->withHeader('Location', '/')->withStatus(302); + return $response->withHeader('Location', '../..')->withStatus(302); } public function Logout(Request $request, Response $response, array $args) : Response { $this->authManager->SetAuthState(false); return $response - ->withHeader('Location', '/') + ->withHeader('Location', '.') ->withStatus(302); } } diff --git a/php/src/Middleware/AuthMiddleware.php b/php/src/Middleware/AuthMiddleware.php index f8d44857..a54f47a6 100644 --- a/php/src/Middleware/AuthMiddleware.php +++ b/php/src/Middleware/AuthMiddleware.php @@ -27,7 +27,15 @@ readonly class AuthMiddleware { if(!in_array($request->getUri()->getPath(), $publicRoutes)) { if(!$this->authManager->IsAuthenticated()) { $status = 302; - $headers = ['Location' => '/']; + if(count(explode('/', $request->getUri()->getPath())) > 2) { + $location = '..'; + for($i = 0; $i < count(explode('/', $request->getUri()->getPath())) - 3; $i++) { + $location = $location . '/..'; + } + } else { + $location = '.'; + } + $headers = ['Location' => $location]; $response = new Response($status, $headers); return $response; } diff --git a/php/templates/already-installed.twig b/php/templates/already-installed.twig index fa18f988..e16e6792 100644 --- a/php/templates/already-installed.twig +++ b/php/templates/already-installed.twig @@ -3,11 +3,11 @@ {% block body %} {% endblock %} diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig index 4cf5dd4e..8375d033 100644 --- a/php/templates/components/container-state.twig +++ b/php/templates/components/container-state.twig @@ -4,15 +4,15 @@ {% if c.GetStartingState().value == 'starting' %} {{ c.GetDisplayName() }} - (Starting) + (Starting) {% elseif c.GetRunningState().value == 'running' %} {{ c.GetDisplayName() }} - (Running) + (Running) {% else %} {{ c.GetDisplayName() }} - (Stopped) + (Stopped) {% endif %} {% if c.GetDocumentation() != '' %} (docs) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 12b4d81b..1e795149 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -6,9 +6,9 @@
    -
    + @@ -63,11 +63,11 @@ {% endfor %} {% if is_daily_backup_running == true %} -

    Daily backup currently running. (Mastercontainer logs) (Borg backup container logs)

    +

    Daily backup currently running. (Mastercontainer logs) (Borg backup container logs)

    {% if automatic_updates == true %}

    This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.

    {% if is_mastercontainer_update_available == true %} -

    When the mastercontainer is updated it will restart, making it unavailable for a moment. (Logs)

    +

    When the mastercontainer is updated it will restart, making it unavailable for a moment. (Logs)

    {% endif %} {% endif %} {% if has_update_available == false %} @@ -78,7 +78,7 @@

    Reload ↻

    If the daily backup is stuck somehow, you can unstick it by running sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running and afterwards reloading this interface.

    {% elseif isWatchtowerRunning == true %} -

    Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (Logs)

    +

    Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (Logs)

    Reload ↻

    {% else %} {% if is_backup_container_running == false and domain == "" %} @@ -88,7 +88,7 @@ {% elseif is_mastercontainer_update_available == true %}

    Mastercontainer update

    ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.

    - + @@ -108,7 +108,7 @@ {% if skip_domain_validation == true %}

    Please note: The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!

    {% endif %} - + @@ -137,7 +137,7 @@ {% if hasBackupLocation %} {% if borg_backup_mode in ['test', 'check'] %} {% if backup_exit_code > 0 %} -

    Last {{ borg_backup_mode }} failed! (Logs)

    +

    Last {{ borg_backup_mode }} failed! (Logs)

    {% if borg_backup_mode == 'test' %}

    Please adjust the path and/or the encryption password in order to make it work!

    {% elseif borg_backup_mode == 'check' %} @@ -145,7 +145,7 @@
    Reveal repair option

    Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

    - + @@ -153,10 +153,10 @@
    {% endif %} {% elseif backup_exit_code == 0 %} -

    Last {{ borg_backup_mode }} successful! (Logs)

    +

    Last {{ borg_backup_mode }} successful! (Logs)

    {% if borg_backup_mode == 'test' %}

    Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.

    - + @@ -164,7 +164,7 @@ {% endif %}

    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!

    Important: If the backup that you want to restore contained any community container, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.

    - +


    @@ -210,7 +210,7 @@ {% endif %} {% else %}

    Everything set! Click on the button below to test the path and encryption password:

    - + @@ -223,14 +223,14 @@ {% if was_start_button_clicked == true %} {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %} -

    You are running the {{ current_channel }} channel. (Logs)

    +

    You are running the {{ current_channel }} channel. (Logs)

    {% else %}

    No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.

    {% endif %} {% endif %} {% if is_backup_container_running == true %} -

    Backup container is currently running: {{ borg_backup_mode }} (Logs)

    +

    Backup container is currently running: {{ borg_backup_mode }} (Logs)

    Reload ↻

    {% endif %} @@ -259,7 +259,7 @@ {% else %}

    It seems at least one container was not able to start correctly and is currently restarting.

    To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.

    - + @@ -312,7 +312,7 @@

    You can find all changes here

    {% endif %} {% endif %} - + @@ -327,31 +327,34 @@ {% endif %} {% if is_mastercontainer_update_available == true %}

    ⚠️ A mastercontainer update is available. Please click on the button below to update it.

    - +
    {% else %} {% if was_start_button_clicked == false %} -
    + + {% if newMajorVersionString != '' %}
    {% endif %}
    {% elseif has_update_available == false %} -
    + +
    {% else %} -
    + + {% if bypass_container_update == true %} {% endif %} @@ -376,7 +379,7 @@ remote borg repo url and submit it. You will be provided with an SSH public key for authorization at the remote afterwards.

    - +

    @@ -393,13 +396,13 @@ {% if is_backup_container_running == false %}

    Backup and restore

    {% if backup_exit_code > 0 %} -

    Last {{ borg_backup_mode }} failed! (Logs)

    +

    Last {{ borg_backup_mode }} failed! (Logs)

    {% if borg_backup_mode == "check" %}

    The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following this documentation

    Reveal repair option

    Below is the option to repair the integrity of your backup. Please note: Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)

    - + @@ -417,7 +420,7 @@ {% endif %}

    You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on Create Backup to test the new value.

    - +

    @@ -427,9 +430,9 @@ {% endif %} {% elseif backup_exit_code == 0 %} {% if borg_backup_mode == "backup" %} -

    Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (Logs)

    +

    Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (Logs)

    {% else %} -

    Last {{ borg_backup_mode }} successful! (Logs)

    +

    Last {{ borg_backup_mode }} successful! (Logs)

    {% endif %} {% endif %} {% endif %} @@ -464,7 +467,7 @@ {% if isApacheStarting != true %}

    Backup creation

    Clicking on the button below will create a backup.

    - + @@ -479,7 +482,7 @@ {% endif %} is wrong, you can reset it by clicking on the button below.

    - + @@ -493,7 +496,7 @@

    Backup check

    Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.

    - + @@ -501,7 +504,7 @@

    Backup restore

    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.

    - + @@ -529,7 +532,7 @@ Also your containers, the mastercontainer and, on Saturdays, your Nextcloud apps will be automatically updated. {% endif %}

    To change your backup time first disable Daily Backups, then enter your new backup time, and then re-enable them.

    - + @@ -539,7 +542,7 @@

    Back up additional directories and docker volumes of your host

    Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.

    - + @@ -566,7 +569,7 @@
    Click here to change your AIO passphrase

    You can change your AIO passphrase below:

    - + @@ -592,7 +595,7 @@ {% if timezone == "" %}

    To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.

    You can configure the timezone for Nextcloud below (Do not forget to submit the value!):

    - + @@ -601,7 +604,7 @@

    You need to make sure that the timezone that you enter is valid. An example is Europe/Berlin. You can get valid values by looking at the 'TZ identifier' column of this list: click here. The default is Etc/UTC if nothing is entered.

    {% else %}

    The timezone for Nextcloud is currently set to {{ timezone }}. You can change the timezone by clicking on the button below.

    - + @@ -620,6 +623,8 @@ {% endif %} + +
    {% endblock %} diff --git a/php/templates/includes/community-containers.twig b/php/templates/includes/community-containers.twig index f74e3756..66cceb2b 100644 --- a/php/templates/includes/community-containers.twig +++ b/php/templates/includes/community-containers.twig @@ -8,7 +8,7 @@ {% endif %}
    Show/Hide available Community Containers - + diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 6bea68db..b4764592 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -5,7 +5,7 @@ {% else %}

    Please note: Make sure to save your changes by clicking Save changes below the list of optional containers. The changes will not be auto-saved.

    {% endif %} - + @@ -160,7 +160,7 @@ {% if collabora_dictionaries == "" %}

    In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:

    - + @@ -169,7 +169,7 @@

    You need to make sure that the dictionaries that you enter are valid. An example is de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru.

    {% else %}

    The dictionaries for Collabora are currently set to {{ collabora_dictionaries }}. You can reset them again by clicking on the button below.

    - + @@ -182,7 +182,7 @@ {% if collabora_additional_options == "" %}

    You can configure additional options for collabora below.

    (This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)

    - + @@ -191,7 +191,7 @@

    You need to make sure that the options that you enter are valid. An example is --o:net.content_security_policy=frame-ancestors *.example.com:*;.

    {% else %}

    The additioinal options for Collabora are currently set to {{ collabora_additional_options }}. You can reset them again by clicking on the button below.

    - + diff --git a/php/templates/layout.twig b/php/templates/layout.twig index e20ca3e0..4d842e3d 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -1,8 +1,8 @@ AIO - - + + diff --git a/php/templates/login.twig b/php/templates/login.twig index cf5cc0c3..1c5420c2 100644 --- a/php/templates/login.twig +++ b/php/templates/login.twig @@ -3,14 +3,14 @@ {% block body %}
    From 01ad594ec56f8fbc2b5b3b026dfd0b5dc4da4ed2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 18:28:35 +0100 Subject: [PATCH 0770/1064] aio-interface: add button to update the backup list Signed-off-by: Simon L. --- Containers/borgbackup/backupscript.sh | 9 +++++++++ Containers/borgbackup/start.sh | 4 ++-- community-containers/borgbackup-viewer/readme.md | 2 +- php/public/index.php | 1 + php/src/Controller/DockerController.php | 14 ++++++++++++++ php/templates/containers.twig | 11 +++++++++++ readme.md | 2 +- 7 files changed, 39 insertions(+), 4 deletions(-) diff --git a/Containers/borgbackup/backupscript.sh b/Containers/borgbackup/backupscript.sh index 50815f38..b7b96147 100644 --- a/Containers/borgbackup/backupscript.sh +++ b/Containers/borgbackup/backupscript.sh @@ -612,3 +612,12 @@ if [ "$BORG_MODE" = test ]; then fi fi fi + +if [ "$BORG_MODE" = list ]; then + echo "Updating backup list..." + if ! borg info > /dev/null; then + echo "Could not update the backup list." + exit 1 + fi + # The update gets done automatically in the wrapper start.sh script. +fi diff --git a/Containers/borgbackup/start.sh b/Containers/borgbackup/start.sh index 9da0d840..bb7a8a6a 100644 --- a/Containers/borgbackup/start.sh +++ b/Containers/borgbackup/start.sh @@ -32,8 +32,8 @@ else fi # Validate BORG_MODE -if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then - echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'." +if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != "test" ] && [ "$BORG_MODE" != "list" ]; then + echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore', 'test' and 'list'." exit 1 fi diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md index dc3d5806..ddd11be7 100644 --- a/community-containers/borgbackup-viewer/readme.md +++ b/community-containers/borgbackup-viewer/readme.md @@ -5,7 +5,7 @@ This container allows to view the local borg repository in a web session. It als - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). - Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance! - After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly. -- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button. +- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section. - ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/php/public/index.php b/php/public/index.php index f2880ca7..46967c72 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -60,6 +60,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class . $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer'); $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup'); $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck'); +$app->post('/api/docker/backup-list', AIO\Controller\DockerController::class . ':StartBackupContainerList'); $app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair'); $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest'); $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore'); diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 8473ed57..6626e3e4 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -105,6 +105,11 @@ readonly class DockerController { return $response->withStatus(201)->withHeader('Location', '.'); } + public function StartBackupContainerList(Request $request, Response $response, array $args) : Response { + $this->listBackup(); + return $response->withStatus(201)->withHeader('Location', '.'); + } + public function checkBackup() : void { $config = $this->configurationManager->GetConfig(); $config['backup-mode'] = 'check'; @@ -114,6 +119,15 @@ readonly class DockerController { $this->PerformRecursiveContainerStart($id); } + private function listBackup() : void { + $config = $this->configurationManager->GetConfig(); + $config['backup-mode'] = 'list'; + $this->configurationManager->WriteConfig($config); + + $id = 'nextcloud-aio-borgbackup'; + $this->PerformRecursiveContainerStart($id); + } + public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { $config = $this->configurationManager->GetConfig(); $config['backup-mode'] = 'restore'; diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 39a2de48..a27fdaee 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -518,6 +518,17 @@ +

    Update backup list

    +
    + Click here to reveal this option +

    If you use an external snapshot tool to restore the server that runs AIO, you might run into a problem that the above listed available backups are not up-to-date to restore your server from. You can click the button below to update this list.

    +
    + + + +
    +
    +

    Daily backup and automatic updates

    {% if daily_backup_time == "" %}

    By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. 04:00 will create backups at 4 am UTC and 16:00 at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.

    diff --git a/readme.md b/readme.md index 0ae3d618..f22c7df3 100644 --- a/readme.md +++ b/readme.md @@ -970,7 +970,7 @@ sudo borg compact ``` After doing so, make sure to update the backup archives list in the AIO interface!
    -You can do so by clicking on the `Check backup integrity` button or `Create backup` button. +You can do so by clicking on the `Update backup list` button in the `Update backup list` section inside the `Backup and restore` section. --- From 271c4b21cc38d1e408909c8095bccfe915d4c727 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 19:16:58 +0100 Subject: [PATCH 0771/1064] docs: standardize links by removing `?tab=readme-ov-file` Signed-off-by: Simon L. --- community-containers/makemkv/readme.md | 2 +- compose.yaml | 2 +- reverse-proxy.md | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md index ed9ce040..e78510ee 100644 --- a/community-containers/makemkv/readme.md +++ b/community-containers/makemkv/readme.md @@ -5,7 +5,7 @@ This container bundles MakeMKV and auto-configures it for you. - This container should only be run in home networks - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being. - This container only works on Linux and not on Docker-Desktop. -- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly.. +- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly.. - After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). - After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it) - The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container. diff --git a/compose.yaml b/compose.yaml index 13170c7e..e8966f4c 100644 --- a/compose.yaml +++ b/compose.yaml @@ -35,7 +35,7 @@ services: # NEXTCLOUD_ENABLE_DRI_DEVICE: true # This allows to enable the /dev/dri device for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't set this to true as otherwise the Nextcloud container will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud. # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps - # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-skip-the-domain-validation + # SKIP_DOMAIN_VALIDATION: false # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock' diff --git a/reverse-proxy.md b/reverse-proxy.md index 52c830e0..546b8b78 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -36,7 +36,7 @@ Requirements: - A public IP address that is reachable from the Internet (it does **not** need to be static, but it must not be behind carrier-grade NAT, which some ISPs use to share IP addresses among multiple customers). - Port `443/tcp` on that IP must be available for AIO's exclusive use, and it must be opened/forwarded on your internet-facing firewall/router to the AIO host.[^talkPort] -**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this).** +**If AIO's integrated HTTPS support and internal reverse proxy meet your requirements, you do not need to proceed further. Follow the [standard Nextcloud AIO instructions](https://github.com/nextcloud/all-in-one#how-to-use-this).** ### External: Using AIO with an external reverse proxy (e.g., *Caddy, Nginx, Cloudflare Proxy*) @@ -95,7 +95,7 @@ To make your Nextcloud AIO instance accessible from the public Internet (not jus | **Tailscale Funnel** | Public Internet | None | Public access through Tailscale | > [!TIP] -> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main?tab=readme-ov-file#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud. +> Because of how [Cloudflare's Tunnel/Proxy operate](https://github.com/nextcloud/all-in-one/tree/main#notes-on-cloudflare-proxytunnel), we recommend using Tailscale with Nextcloud when possible. Tailscale typically offers better performance and fewer trade-offs/limitations for Nextcloud. > > **For private/personal use**: [Tailscale Serve](https://tailscale.com/kb/1312/serve) is ideal - it keeps your Nextcloud completely private to your tailnet. > @@ -1120,7 +1120,7 @@ sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:syst #### Collabora WOPI allow list If your reverse proxy connects to Nextcloud with an IP address that is different from the one for your domain* and you are using the Collabora server then you must also add the IP to the WOPI request allow list via `Administration Settings > Administration > Office > Allow list for WOPI requests`. -*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.) +*: For example, the reverse proxy has a public globally routable IP and connects to your AIO instance via Tailscale with an IP in the `100.64.0.0/10` range, or you are using a Cloudflare tunnel ([cloudflare notes](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel): You must add all [Cloudflare IP-Ranges](https://www.cloudflare.com/ips/) to the WOPI allowlist.) #### External reverse proxies connecting via VPN (e.g. Tailscale) @@ -1174,7 +1174,7 @@ If you, at some point, want to remove the reverse proxy, here are some general s sudo docker rm nextcloud-aio-mastercontainer ``` 3. Remove the software and configuration file that you used for the reverse proxy (see section 1). -4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) but add the two options: +4. Restart the mastercontainer with the [docker run command from the main readme](https://github.com/nextcloud/all-in-one#how-to-use-this) but add the two options: ``` --env APACHE_IP_BINDING=0.0.0.0 \ --env APACHE_PORT=443 \ From 1fff416829cf2f139c0b7203d6a3bdfe3a52b692 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Nov 2025 04:15:21 +0000 Subject: [PATCH 0772/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.0.2-cli to 29.0.4-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.0.4-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index dae14ea5..65dc31e6 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.0.2-cli AS docker +FROM docker:29.0.4-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 1d6a1ffb17c83c24e360c0873e00bc19697334c2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 25 Nov 2025 13:23:22 +0100 Subject: [PATCH 0773/1064] add notifications community container Signed-off-by: Simon L. --- .../notifications/notifications.json | 23 +++++++++++++++++++ community-containers/notifications/readme.md | 12 ++++++++++ community-containers/scrutiny/readme.md | 2 +- community-containers/scrutiny/scrutiny.json | 2 +- 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 community-containers/notifications/notifications.json create mode 100644 community-containers/notifications/readme.md diff --git a/community-containers/notifications/notifications.json b/community-containers/notifications/notifications.json new file mode 100644 index 00000000..5d886ec9 --- /dev/null +++ b/community-containers/notifications/notifications.json @@ -0,0 +1,23 @@ +{ + "aio_services_v1": [ + { + "container_name": "nextcloud-aio-notifications", + "display_name": "Notifications", + "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications", + "image": "ghcr.io/szaimen/aio-notifications", + "image_tag": "v1", + "internal_port": "10000", + "restart": "unless-stopped", + "volumes": [ + { + "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%", + "destination": "/var/run/docker.sock", + "writeable": false + } + ], + "environment": [ + "TZ=%TIMEZONE%" + ] + } + ] +} diff --git a/community-containers/notifications/readme.md b/community-containers/notifications/readme.md new file mode 100644 index 00000000..78ec49b6 --- /dev/null +++ b/community-containers/notifications/readme.md @@ -0,0 +1,12 @@ +## Notifications +This container allows other AIO community containers to send admin notifications to Nextcloud users. + +### Notes +- It needs to be enabled for the [scrutiny container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny) for example to make use of admin notifications that are sent if a smartctl failure was found. +- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack + +### Repository +https://github.com/szaimen/aio-notifications + +### Maintainer +https://github.com/szaimen diff --git a/community-containers/scrutiny/readme.md b/community-containers/scrutiny/readme.md index dc972d44..3bb728f7 100644 --- a/community-containers/scrutiny/readme.md +++ b/community-containers/scrutiny/readme.md @@ -6,7 +6,7 @@ This container bundles Scrutiny which is a frontend for SMART stats and auto-con - ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being. - This container only works on Linux and not on Docker-Desktop. - After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives. -- It currently does not support sending notifications as no good solution was found yet that makes this possible. See https://github.com/szaimen/aio-scrutiny/issues/3 +- It supports sending notifications in case of a smartctl failure if you enable the notifications community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/notifications - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository diff --git a/community-containers/scrutiny/scrutiny.json b/community-containers/scrutiny/scrutiny.json index 4b368291..b367e497 100644 --- a/community-containers/scrutiny/scrutiny.json +++ b/community-containers/scrutiny/scrutiny.json @@ -5,7 +5,7 @@ "display_name": "Scrutiny", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny", "image": "ghcr.io/szaimen/aio-scrutiny", - "image_tag": "v1", + "image_tag": "v2", "internal_port": "8000", "init": false, "restart": "unless-stopped", From f3fbfae5353015ca392cbc1662cc874b40b058a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 04:15:59 +0000 Subject: [PATCH 0774/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.4.1 to v1.4.2. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.4.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index cce2ed85..fe5d89f7 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.1 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2 USER root RUN set -ex; \ From 6a8d8d4479809364281fb5428ea26e3599df06a4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 10:30:41 +0100 Subject: [PATCH 0775/1064] add some notice regarding how to switch the channel Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 0ae3d618..e6cd4526 100644 --- a/readme.md +++ b/readme.md @@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to switch the channel? -You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. +You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image. ### How to update the containers? If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. From 50312bd2d9712a08479ee3ec866118d5cf67a89f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 10:53:29 +0100 Subject: [PATCH 0776/1064] fix typo Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index e6cd4526..c53f4d28 100644 --- a/readme.md +++ b/readme.md @@ -641,7 +641,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to switch the channel? -You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image. +You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurrences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image. ### How to update the containers? If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. From 10b61a5edea92eab87a4c7de1ca37172c0edd9a4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 19:28:53 +0100 Subject: [PATCH 0777/1064] add `"com.docker.compose.project" => "nextcloud-aio"` to all containers Signed-off-by: Simon L. --- Containers/mastercontainer/Dockerfile | 4 +++- compose.yaml | 1 + php/src/Docker/DockerActionManager.php | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index dae14ea5..a240fd4d 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -125,7 +125,9 @@ RUN set -ex; \ mkdir /var/log/supervisord; \ mkdir /var/run/supervisord; -LABEL org.label-schema.vendor="Nextcloud" +# hadolint ignore=DL3048 +LABEL org.label-schema.vendor="Nextcloud" \ + com.docker.compose.project="nextcloud-aio" # hadolint ignore=DL3002 USER root diff --git a/compose.yaml b/compose.yaml index e8966f4c..c18d92d3 100644 --- a/compose.yaml +++ b/compose.yaml @@ -1,3 +1,4 @@ +name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically. services: nextcloud-aio-mastercontainer: image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a6f5d223..e22ab7f6 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -433,7 +433,8 @@ readonly class DockerActionManager { // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature. // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels - $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud"]; + // Additionally set a default org.label-schema.vendor and com.docker.compose.project + $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"]; // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); From a48a1d66be90d29d67a98278096f2845d6b1641b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Nov 2025 23:21:50 +0100 Subject: [PATCH 0778/1064] update aio-caddy to v4 and add option for proxy protocol Signed-off-by: Simon L. --- community-containers/caddy/caddy.json | 3 ++- community-containers/caddy/readme.md | 1 + php/src/Docker/DockerActionManager.php | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json index f6143fbc..e27df683 100644 --- a/community-containers/caddy/caddy.json +++ b/community-containers/caddy/caddy.json @@ -5,7 +5,7 @@ "display_name": "Caddy with geoblocking", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy", "image": "ghcr.io/szaimen/aio-caddy", - "image_tag": "v3", + "image_tag": "v4", "internal_port": "443", "restart": "unless-stopped", "ports": [ @@ -19,6 +19,7 @@ "TZ=%TIMEZONE%", "NC_DOMAIN=%NC_DOMAIN%", "APACHE_PORT=%APACHE_PORT%", + "APACHE_IP_BINDING=%APACHE_IP_BINDING%", "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%" ], "volumes": [ diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 99bf133e..209b9c4a 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -6,6 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. +- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a6f5d223..d19fd050 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -550,6 +550,7 @@ readonly class DockerActionManager { 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), 'APACHE_PORT' => $this->configurationManager->GetApachePort(), + 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), 'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(), 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), From 4b782649fdcca71827782269cac81336086ea316 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 26 Nov 2025 12:03:58 +0000 Subject: [PATCH 0779/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 83bc1ef1..12545ac3 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -160,7 +160,6 @@ services: - TALK_PORT - IMAGINARY_ENABLED - IMAGINARY_HOST=nextcloud-aio-imaginary - - CLAMAV_MAX_SIZE=${APACHE_MAX_SIZE} - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT} - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT} - FULLTEXTSEARCH_ENABLED @@ -256,7 +255,7 @@ services: - "9980" environment: - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973 - - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} - server_name=${NC_DOMAIN} From 256a259ae6f048f6034cd176374e9a8c645c70ef Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 12:41:00 +0100 Subject: [PATCH 0780/1064] update private ip-ranges Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 2 +- reverse-proxy.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 09d7d15c..0c03a973 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -741,7 +741,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then echo "No IPv6 address found for $COLLABORA_HOST." fi if [ -n "$COLLABORA_ALLOW_LIST" ]; then - PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1' + PRIVATE_IP_RANGES='127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128' if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES" fi diff --git a/reverse-proxy.md b/reverse-proxy.md index 546b8b78..e0497c84 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -1108,7 +1108,7 @@ Enter your domain in the AIO interface that you've used in the reverse proxy con ### 5. Optional: Configure AIO for reverse proxies that connect to nextcloud using an ip-address and not localhost nor 127.0.0.1 If your reverse proxy connects to nextcloud using an ip-address and not localhost or 127.0.0.1* you must make the following configuration changes -*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1` +*: The IP address it uses to connect to AIO is not in a private IP range such as these: `127.0.0.0/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,100.64.0.0/10,fd00::/8,::1/128` #### Nextcloud trusted proxies Add the IP it uses connect to AIO to the Nextcloud trusted_proxies like this: From b2c24c92e307441e945a657c88689ac0b0e9a16c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 12:18:44 +0000 Subject: [PATCH 0781/1064] build(deps): bump shivammathur/setup-php in /.github/workflows Bumps [shivammathur/setup-php](https://github.com/shivammathur/setup-php) from 2.35.5 to 2.36.0. - [Release notes](https://github.com/shivammathur/setup-php/releases) - [Commits](https://github.com/shivammathur/setup-php/compare/bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f...7bf05c6b704e0b9bfee22300130a31b5ea68d593) --- updated-dependencies: - dependency-name: shivammathur/setup-php dependency-version: 2.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 53707dec..5eefc5e1 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6.0.0 - - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index bf449e1f..9c74167a 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0 with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 22ed9854..ac6aa187 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -18,7 +18,7 @@ jobs: steps: - uses: actions/checkout@v6.0.0 - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 49753535..91d41dfc 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v6.0.0 - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 21ecf1e6..8f7da955 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: Set up php - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0 with: php-version: 8.4 extensions: apcu diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index d8730987..1c453505 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v6.0.0 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 extensions: apcu From 4a8288a527f329cdf5e42141f3f913f64ac9c6bd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Nov 2025 20:44:09 +0100 Subject: [PATCH 0782/1064] fulltextsearch: disable memory locking Signed-off-by: Simon L. --- php/containers.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/containers.json b/php/containers.json index 0a48b3ea..8afb68e9 100644 --- a/php/containers.json +++ b/php/containers.json @@ -794,7 +794,7 @@ "environment": [ "TZ=%TIMEZONE%", "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%", - "bootstrap.memory_lock=true", + "bootstrap.memory_lock=false", "cluster.name=nextcloud-aio", "discovery.type=single-node", "logger.level=WARN", From f080ed771d16e3bd196685d824a59ca36eb35b6c Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 28 Nov 2025 08:52:51 +0000 Subject: [PATCH 0783/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 8 ++++++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 6 ++---- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 24 insertions(+), 22 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 0b10dd4d..7d6a0c55 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 11.11.0 +version: 12.1.4 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 3388c1d7..e6273a8b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 35b30e41..662d68a0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 449a24fc..e91cfe56 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -32,10 +32,14 @@ spec: - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params - value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" - image: ghcr.io/nextcloud-releases/aio-collabora:20251031_122139 + {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} + image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214 + {{- else }} + image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214 + {{- end }} readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 6f08b4a6..d65dfa78 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 49dc3d34..a3877029 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 4956ed71..c8ae83d9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 49f2bd53..2a925878 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 command: - chmod - "777" @@ -100,8 +100,6 @@ spec: value: "{{ .Values.CLAMAV_ENABLED }}" - name: CLAMAV_HOST value: nextcloud-aio-clamav - - name: CLAMAV_MAX_SIZE - value: "{{ .Values.APACHE_MAX_SIZE }}" - name: COLLABORA_ENABLED value: "{{ .Values.COLLABORA_ENABLED }}" - name: COLLABORA_HOST @@ -188,7 +186,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index b93283e7..5f16388a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c30f6a0e..4e64f6c5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 2d5da82d..18ceee18 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index b6f2e489..81f616fa 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index e0902a0f..0319cce8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 28c05cab..35f29df7 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20251031_122139 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214 readinessProbe: exec: command: From 6b3af009e252b37a13ebf2e2adca252b09159d30 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 12:17:11 +0100 Subject: [PATCH 0784/1064] nextcloud: allow to configure mysql root cert Signed-off-by: Simon L. --- Containers/nextcloud/config/postgres.config.php | 8 ++++++++ Containers/nextcloud/entrypoint.sh | 4 ++++ Containers/notify-push/start.sh | 7 +++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php index 38f980fe..acde7b82 100644 --- a/Containers/nextcloud/config/postgres.config.php +++ b/Containers/nextcloud/config/postgres.config.php @@ -7,3 +7,11 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) { ), ); } +if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) { + $CONFIG = array( + 'dbdriveroptions' => array( + 'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL', + ), + ); +} + diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 09d7d15c..c0dfd803 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -283,6 +283,10 @@ EOF if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then mkdir /var/www/html/data/certificates echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" + # Write out mysql root cert + elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then + mkdir /var/www/html/data/certificates + echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL" fi echo "Installing with $DATABASE_TYPE database" diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 859c6309..9277bdaa 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -68,11 +68,14 @@ fi # Postgres root cert if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then - POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" + CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" +# Mysql root cert +elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then + CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL" fi # Set sensitive values as env -export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT" +export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it From 38838be0b19334e73274a8b8165dcaaefdd4eb7d Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 28 Nov 2025 12:03:24 +0000 Subject: [PATCH 0785/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 97 ++++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 48 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 6a33558f..fa856220 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.6", + "version": "v2.0.7", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "038ce42edee619599a1debb7e81d7b3759492819" + "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/038ce42edee619599a1debb7e81d7b3759492819", - "reference": "038ce42edee619599a1debb7e81d7b3759492819", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd", + "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd", "shasum": "" }, "require": { @@ -409,7 +409,7 @@ "require-dev": { "illuminate/support": "^10.0|^11.0|^12.0", "nesbot/carbon": "^2.67|^3.0", - "pestphp/pest": "^2.36|^3.0", + "pestphp/pest": "^2.36|^3.0|^4.0", "phpstan/phpstan": "^2.0", "symfony/var-dumper": "^6.2.0|^7.0.0" }, @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-10-09T13:42:30+00:00" + "time": "2025-11-21T20:52:36+00:00" }, { "name": "nikic/fast-route", @@ -3455,16 +3455,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.4", + "version": "5.6.5", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2" + "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90a04bcbf03784066f16038e87e23a0a83cee3c2", - "reference": "90a04bcbf03784066f16038e87e23a0a83cee3c2", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761", + "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761", "shasum": "" }, "require": { @@ -3513,22 +3513,22 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.4" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5" }, - "time": "2025-11-17T21:13:10+00:00" + "time": "2025-11-27T19:50:05+00:00" }, { "name": "phpdocumentor/type-resolver", - "version": "1.11.1", + "version": "1.12.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/TypeResolver.git", - "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba" + "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/f626740b38009078de0dc8b2b9dc4e7f749c6eba", - "reference": "f626740b38009078de0dc8b2b9dc4e7f749c6eba", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195", + "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195", "shasum": "" }, "require": { @@ -3571,9 +3571,9 @@ "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names", "support": { "issues": "https://github.com/phpDocumentor/TypeResolver/issues", - "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.11.1" + "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0" }, - "time": "2025-11-21T11:31:57+00:00" + "time": "2025-11-21T15:09:14+00:00" }, { "name": "phpstan/phpdoc-parser", @@ -3624,16 +3624,16 @@ }, { "name": "revolt/event-loop", - "version": "v1.0.7", + "version": "v1.0.8", "source": { "type": "git", "url": "https://github.com/revoltphp/event-loop.git", - "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3" + "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/09bf1bf7f7f574453efe43044b06fafe12216eb3", - "reference": "09bf1bf7f7f574453efe43044b06fafe12216eb3", + "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c", + "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c", "shasum": "" }, "require": { @@ -3690,9 +3690,9 @@ ], "support": { "issues": "https://github.com/revoltphp/event-loop/issues", - "source": "https://github.com/revoltphp/event-loop/tree/v1.0.7" + "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8" }, - "time": "2025-01-25T19:27:39+00:00" + "time": "2025-08-27T21:33:23+00:00" }, { "name": "sebastian/diff", @@ -3763,16 +3763,16 @@ }, { "name": "spatie/array-to-xml", - "version": "3.4.1", + "version": "3.4.3", "source": { "type": "git", "url": "https://github.com/spatie/array-to-xml.git", - "reference": "6a740f39415aee8886aea10333403adc77d50791" + "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/6a740f39415aee8886aea10333403adc77d50791", - "reference": "6a740f39415aee8886aea10333403adc77d50791", + "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", + "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", "shasum": "" }, "require": { @@ -3815,7 +3815,7 @@ "xml" ], "support": { - "source": "https://github.com/spatie/array-to-xml/tree/3.4.1" + "source": "https://github.com/spatie/array-to-xml/tree/3.4.3" }, "funding": [ { @@ -3827,7 +3827,7 @@ "type": "github" } ], - "time": "2025-11-12T10:32:50+00:00" + "time": "2025-11-27T09:08:26+00:00" }, { "name": "sserbin/twig-linter", @@ -3987,16 +3987,16 @@ }, { "name": "symfony/filesystem", - "version": "v7.3.6", + "version": "v7.4.0", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a" + "reference": "d551b38811096d0be9c4691d406991b47c0c630a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/e9bcfd7837928ab656276fe00464092cc9e1826a", - "reference": "e9bcfd7837928ab656276fe00464092cc9e1826a", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a", + "reference": "d551b38811096d0be9c4691d406991b47c0c630a", "shasum": "" }, "require": { @@ -4005,7 +4005,7 @@ "symfony/polyfill-mbstring": "~1.8" }, "require-dev": { - "symfony/process": "^6.4|^7.0" + "symfony/process": "^6.4|^7.0|^8.0" }, "type": "library", "autoload": { @@ -4033,7 +4033,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.3.6" + "source": "https://github.com/symfony/filesystem/tree/v7.4.0" }, "funding": [ { @@ -4053,7 +4053,7 @@ "type": "tidelift" } ], - "time": "2025-11-05T09:52:27+00:00" + "time": "2025-11-27T13:27:24+00:00" }, { "name": "symfony/finder", @@ -4459,22 +4459,23 @@ }, { "name": "symfony/string", - "version": "v7.3.4", + "version": "v7.4.0", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "f96476035142921000338bad71e5247fbc138872" + "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/f96476035142921000338bad71e5247fbc138872", - "reference": "f96476035142921000338bad71e5247fbc138872", + "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003", + "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003", "shasum": "" }, "require": { "php": ">=8.2", + "symfony/deprecation-contracts": "^2.5|^3.0", "symfony/polyfill-ctype": "~1.8", - "symfony/polyfill-intl-grapheme": "~1.0", + "symfony/polyfill-intl-grapheme": "~1.33", "symfony/polyfill-intl-normalizer": "~1.0", "symfony/polyfill-mbstring": "~1.0" }, @@ -4482,11 +4483,11 @@ "symfony/translation-contracts": "<2.5" }, "require-dev": { - "symfony/emoji": "^7.1", - "symfony/http-client": "^6.4|^7.0", - "symfony/intl": "^6.4|^7.0", + "symfony/emoji": "^7.1|^8.0", + "symfony/http-client": "^6.4|^7.0|^8.0", + "symfony/intl": "^6.4|^7.0|^8.0", "symfony/translation-contracts": "^2.5|^3.0", - "symfony/var-exporter": "^6.4|^7.0" + "symfony/var-exporter": "^6.4|^7.0|^8.0" }, "type": "library", "autoload": { @@ -4525,7 +4526,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.3.4" + "source": "https://github.com/symfony/string/tree/v7.4.0" }, "funding": [ { @@ -4545,7 +4546,7 @@ "type": "tidelift" } ], - "time": "2025-09-11T14:36:48+00:00" + "time": "2025-11-27T13:27:24+00:00" }, { "name": "vimeo/psalm", From 8185c537323aeb88c4e9f34b54d192814c260900 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 28 Nov 2025 12:14:01 +0000 Subject: [PATCH 0786/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 034ebba2..03663b85 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -86,7 +86,7 @@ RUN set -ex; \ pecl install APCu-5.1.27; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \ - pecl install -o imagick-3.8.0; \ + pecl install -o imagick-3.8.1; \ \ docker-php-ext-enable \ igbinary \ From 190a9824e0acb9f4a6d02d96413e5ad56e840280 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:05:56 +0100 Subject: [PATCH 0787/1064] address review Co-authored-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ed3d3bf9..ff33fbfd 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -185,7 +185,7 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL - $config['AIO_URL'] = $host . ':' . (string)$port . $path; + $config['AIO_URL'] = $host . ':' . strval($port) . $path; // set wasStartButtonClicked $config['wasStartButtonClicked'] = 1; // set install_latest_major From 634e819ab15642400c916796356333feb92a352e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:14:16 +0100 Subject: [PATCH 0788/1064] address review Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 53b97dcc..6fda338c 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -548,7 +548,7 @@ {% if borg_remote_repo %} or the remote repo {{ borg_remote_repo }} {% endif %} - is wrong, you can reset it by clicking on the button below. + is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.

    From 411fe4cb531fdf08b24880941ae36a60f09bb7ab Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 17:18:08 +0100 Subject: [PATCH 0789/1064] address review Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 209b9c4a..6cdcb452 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -6,7 +6,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. -- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variables for the mastercontainer and set it to an ip-address under which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). +- The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). - If you want to use this with [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden), make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden. - If you want to use this with [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart), make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart. - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin. From c6e7d61a9eb0e36e4c7cd8680e86db8b562f7c01 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sat, 29 Nov 2025 16:40:43 +0100 Subject: [PATCH 0790/1064] Add cute animal to bug report template Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index d3228dfa..ec25fc4a 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -33,3 +33,5 @@ labels: 0. Needs triage #### Output of `sudo docker logs nextcloud-aio-mastercontainer` #### Other valuable info + +#### A picture of a cute animal From b4ec51f99e916dbc172b19a5c8473d70e71294f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 04:36:14 +0000 Subject: [PATCH 0791/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.7.1.1 to 25.04.7.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.7.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 10f068ea..071d0751 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.7.1.1 +FROM collabora/code:25.04.7.3.1 USER root ARG DEBIAN_FRONTEND=noninteractive From cc41c3465ed5091efaf576ec563fa9ae96d2384a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 1 Dec 2025 12:50:44 +0100 Subject: [PATCH 0792/1064] mastercontainer: refactor docker api version check Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 65 +++++++++++++++++++---------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 77c4675e..4ca193be 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -75,18 +75,15 @@ elif ! sudo -E -u www-data test -r /var/run/docker.sock; then fi fi -# Check if api version is supported -if ! sudo -E -u www-data docker info &>/dev/null; then - print_red "Cannot connect to the docker socket. Cannot proceed." - echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket." - echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled" - echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" +# Get default docker api version +API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)" +API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)" +if [ -z "$API_VERSION" ]; then + print_red "Could not get API_VERSION. Something is wrong!" exit 1 fi -# Docker api version check -API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)" -API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)" +# Check if DOCKER_API_VERSION is set globally if [ -n "$DOCKER_API_VERSION" ]; then if ! echo "$DOCKER_API_VERSION" | grep -q '^[0-9].[0-9]\+$'; then print_red "You've set DOCKER_API_VERSION but not to an allowed value. @@ -98,23 +95,45 @@ It is set to '$DOCKER_API_VERSION'." print_red "Please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." print_red "So you run on your own risk and things might break without warning." else - # shellcheck disable=SC2001 - API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')" - LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" - if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then - if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then - print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" - echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version." - echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." - echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version" - exit 1 - fi - else - echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported." - sleep 10 + # Export docker api version to use it everywhere + export DOCKER_API_VERSION="$API_VERSION" +fi + +# Set a fallback docker api version. Needed for api version check. +# The check will not work otherwise on old docker versions +FALLBACK_DOCKER_API_VERSION="1.41" + +# Check if docker info can be used +if ! sudo -E -u www-data docker info &>/dev/null; then + if ! sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker info &>/dev/null; then + print_red "Cannot connect to the docker socket. Cannot proceed." + echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket." + echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled" + echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" + exit 1 fi fi +# Docker api version check +# shellcheck disable=SC2001 +API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')" +LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" +if [ -z "$LOCAL_API_VERSION_NUMB" ]; then + LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" +fi +if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then + if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then + print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" + echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version." + echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." + echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version" + exit 1 + fi +else + echo "LOCAL_API_VERSION_NUMB or API_VERSION_NUMB are not set correctly. Cannot check if the API version is supported." + sleep 10 +fi + # Check Storage drivers STORAGE_DRIVER="$(sudo -E -u www-data docker info | grep "Storage Driver")" # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467 From 2663ffeee5c7a27ca8f2625a6af0bc0bd5fed917 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 1 Dec 2025 12:03:40 +0000 Subject: [PATCH 0793/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index fa856220..2fbf905c 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1644,16 +1644,16 @@ }, { "name": "twig/twig", - "version": "v3.22.0", + "version": "v3.22.1", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "4509984193026de413baf4ba80f68590a7f2c51d" + "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/4509984193026de413baf4ba80f68590a7f2c51d", - "reference": "4509984193026de413baf4ba80f68590a7f2c51d", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3", + "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3", "shasum": "" }, "require": { @@ -1707,7 +1707,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.22.0" + "source": "https://github.com/twigphp/Twig/tree/v3.22.1" }, "funding": [ { @@ -1719,7 +1719,7 @@ "type": "tidelift" } ], - "time": "2025-10-29T15:56:47+00:00" + "time": "2025-11-16T16:01:12+00:00" } ], "packages-dev": [ From 57306c8cae44959dad8439d1153aa13fdd14b930 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 1 Dec 2025 17:00:27 +0100 Subject: [PATCH 0794/1064] refactor `backup-mode` handling Signed-off-by: Simon L. --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 24 +++++++----------------- php/src/Data/ConfigurationManager.php | 15 ++++++--------- 3 files changed, 14 insertions(+), 27 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 46967c72..c49629bd 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(), 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), - 'borg_backup_mode' => $configurationManager->GetBorgBackupMode(), + 'borg_backup_mode' => $configurationManager->GetBackupMode(), 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(), 'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(), 'last_backup_time' => $configurationManager->GetLastBackupTime(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 6626e3e4..7402bfd1 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -89,9 +89,7 @@ readonly class DockerController { } public function startBackup(bool $forceStopNextcloud = false) : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'backup'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('backup'); $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); @@ -111,26 +109,22 @@ readonly class DockerController { } public function checkBackup() : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } private function listBackup() : void { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'list'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('list'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { + $this->configurationManager->SetBackupMode('restore'); $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'restore'; $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? ''; if (isset($request->getParsedBody()['restore-exclude-previews'])) { $config['restore-exclude-previews'] = 1; @@ -150,24 +144,20 @@ readonly class DockerController { } public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response { - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check-repair'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check-repair'); $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); // Restore to backup check which is needed to make the UI logic work correctly - $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'check'; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->SetBackupMode('check'); return $response->withStatus(201)->withHeader('Location', '.'); } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { + $this->configurationManager->SetBackupMode('test'); $config = $this->configurationManager->GetConfig(); - $config['backup-mode'] = 'test'; $config['instance_restore_attempt'] = 0; $this->configurationManager->WriteConfig($config); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 0b0a034d..c8d16c7d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -423,6 +423,12 @@ class ConfigurationManager return $config['backup-mode']; } + public function SetBackupMode(string $mode) : void { + $config = $this->GetConfig(); + $config['backup-mode'] = $mode; + $this->WriteConfig($config); + } + public function GetSelectedRestoreTime() : string { $config = $this->GetConfig(); if(!isset($config['selected-restore-time'])) { @@ -664,15 +670,6 @@ class ConfigurationManager return false; } - public function GetBorgBackupMode() : string { - $config = $this->GetConfig(); - if(!isset($config['backup-mode'])) { - $config['backup-mode'] = ''; - } - - return $config['backup-mode']; - } - public function GetNextcloudMount() : string { $envVariableName = 'NEXTCLOUD_MOUNT'; $configName = 'nextcloud_mount'; From 1cdc4e3beffd18e6fa58a48d0093a6d83c60f098 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 04:33:44 +0000 Subject: [PATCH 0795/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.9-alpine to 3.3.0-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.3.0-alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index ccc283f9..ed2e9e2d 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.2.9-alpine +FROM haproxy:3.3.0-alpine # hadolint ignore=DL3002 USER root From ae132c8d396c9532d297b28148d6b4f8a7ac755f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Dec 2025 04:34:06 +0000 Subject: [PATCH 0796/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.0.4-cli to 29.1.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.1.1-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 9c50af3f..f6ecd08e 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.0.4-cli AS docker +FROM docker:29.1.1-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From d44d077a632c7744aa215f733ec24d452c71c082 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 2 Dec 2025 12:11:02 +0100 Subject: [PATCH 0797/1064] update oo Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index be1d580f..c2b94d8c 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:9.1.0.1 +FROM onlyoffice/documentserver:9.2.0.1 # USER root is probably used From a842cbb82a508e6d0d2477d1720c42320035d607 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 2 Dec 2025 12:12:40 +0100 Subject: [PATCH 0798/1064] increase to 12.2.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index eac34445..2b381c90 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v12.1.4

    +

    Nextcloud AIO v12.2.0

    {# Add 2nd tab warning #} From 83de5260511dcfabc32cafaa576aa1fe611b0c56 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 2 Dec 2025 12:42:13 +0100 Subject: [PATCH 0799/1064] adjust DeleteBorgBackupLocationVars to also delete the borg.config file Signed-off-by: Simon L. --- php/src/Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 051f8d9e..45586f9c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -159,7 +159,7 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { - $this->configurationManager->DeleteBorgBackupLocationVars(); + $this->configurationManager->DeleteBorgBackupLocationItems(); } return $response->withStatus(201)->withHeader('Location', '.'); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 253b1371..e9982eb3 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -506,11 +506,19 @@ class ConfigurationManager } } - public function DeleteBorgBackupLocationVars() : void { + public function DeleteBorgBackupLocationItems() : void { + // Delete the variables $config = $this->GetConfig(); $config['borg_backup_host_location'] = ''; $config['borg_remote_repo'] = ''; $this->WriteConfig($config); + + // Also delete the borg config file to be able to start over + if (file_exists(DataConst::GetBackupKeyFile())) { + if (unlink(DataConst::GetBackupKeyFile())) { + error_log('borg.config file deleted to be able to start over.'); + } + } } /** From 095d3d9cc004b702486048e348abbb57594dc5d7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 2 Dec 2025 15:51:53 +0100 Subject: [PATCH 0800/1064] aio-smbserver: now compatible with arm64 as well Signed-off-by: Simon L. --- community-containers/smbserver/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/community-containers/smbserver/readme.md b/community-containers/smbserver/readme.md index 9886f4b2..20d90c9f 100644 --- a/community-containers/smbserver/readme.md +++ b/community-containers/smbserver/readme.md @@ -3,7 +3,6 @@ This container bundles an SMB-server and allows to configure it via a graphical ### Notes - This container should only be run in home networks -- This container currently only works on amd64. See https://github.com/szaimen/aio-smbserver/issues/3 - After adding and starting the container, you need to visit `https://internal.ip.of.server:5803` in order to log in with the `smbserver` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning). Then type in `bash /smbserver.sh` and you will see a graphical UI for configuring the smb-server interactively. - The config data of SMB-server will be automatically included in AIOs backup solution! - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack From 7634a3887f1c1b7bcc7ddd8b83e9b82dceb9c024 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 04:12:39 +0000 Subject: [PATCH 0801/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.7 to 8.19.8. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 8c46ed97..6e739095 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.7 +FROM elasticsearch:8.19.8 USER root From 0c0f956ea221f34cb785023da648714fb0633a46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 04:12:43 +0000 Subject: [PATCH 0802/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.5-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 7e477820..ea0a70de 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.4-alpine3.22 AS go +FROM golang:1.25.5-alpine3.22 AS go ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee From d72181f754f31c4e459cbe06efbe23b348074b24 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 04:13:40 +0000 Subject: [PATCH 0803/1064] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.25.4-alpine3.22 to 1.25.5-alpine3.22. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.5-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 602d2106..d2db5ae3 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.4-alpine3.22 AS go +FROM golang:1.25.5-alpine3.22 AS go ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a From edba082dcecc4b5e6a641093dfc6babeda61f9bc Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Dec 2025 09:26:18 +0100 Subject: [PATCH 0804/1064] improve detail Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 6cdcb452..a8baf9ea 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -3,7 +3,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! -- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. +- Make sure that no other service is using port 443/tcp on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO. - Starting with AIO v12, the Talk port that was usually exposed on port 3478 is now set to port 443 udp and tcp and reachable via `your-nc-domain.com`. For the changes to become activated, you need to go to `https://your-nc-domain.com/settings/admin/talk` and delete all turn and stun servers. Then restart the containers and the new config should become active. - Starting with AIO v12, you can also limit vaultwarden, stalwart and lldap to certain ip-addresses. You can do so by creating a `allowed-IPs-vaultwarden.txt`, `allowed-IPs-stalwart.txt`, or `allowed-IPs-lldap.txt` file in the `nextcloud-aio-caddy` directory of your admin user and adding the ip-addresses in these files. - The container also supports the proxy protocol inside caddy. That means that you can run a supported web server in front of port 443/tcp and use the proxy protocol. You can enable this by configuring the `APACHE_IP_BINDING` environmental variable for the mastercontainer and set it to an ip-address from which the protocol shall be accepted. ⚠️ Note that the initial domain validation will not work correctly if you want to use the proxy protocol. So make sure to skip the domain validation in that case. See the [documentation](https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation). From 832d9b5ae6776854373883d3b2182bc62e282a4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 12:21:58 +0000 Subject: [PATCH 0805/1064] build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index c1bc4889..2bd4823a 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Check spelling uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 with: diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index b39ca29b..816f57bf 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -10,7 +10,7 @@ jobs: name: update collabora runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index cd3a9530..7446677f 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 5eefc5e1..12a11f1f 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index 0efebdbb..917df1d6 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 1b083b64..b4c32778 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Turnstyle uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 883ea66c..8b624e39 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index d406e011..4cbd28ed 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 1f7f2e72..7beec865 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 9c74167a..0c5e2c74 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index eb083eed..d90d57e1 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index ac6aa187..c8638683 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index df791fe6..3919690b 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 91d41dfc..99ba4e32 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 8f7da955..bdae585e 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -32,7 +32,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 2c0fd697..86954033 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 9636502b..689e7e7e 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 1c453505..7e9b5cdc 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index 353e5e9d..f7960ead 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index c1452355..06555a90 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index a19f34aa..9d9affce 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index 9f126eb4..69b1b14e 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -10,7 +10,7 @@ jobs: name: update watchtower runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run watchtower-container-update run: | # Watchtower From 0db006605aabd912e2a506419a1456eb370ffb35 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Dec 2025 14:29:55 +0100 Subject: [PATCH 0806/1064] fix spacing Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 904af4a1..ef0d0702 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -115,7 +115,7 @@ readonly class DockerController { $this->PerformRecursiveContainerStart($id); } - private function listBackup() : void { + private function listBackup() : void { $this->configurationManager->SetBackupMode('list'); $id = 'nextcloud-aio-borgbackup'; From 22a784a3dea08775ab63639fe6ca24d06dc8ac49 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Mar 2025 12:06:08 +0100 Subject: [PATCH 0807/1064] add workflow to lint github actions Signed-off-by: Simon L. --- .github/workflows/lint-yaml.yml | 39 +++++++++++++++++++++++++++++++++ zizmor.yml | 3 +++ 2 files changed, 42 insertions(+) create mode 100644 .github/workflows/lint-yaml.yml create mode 100644 zizmor.yml diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml new file mode 100644 index 00000000..658d8b52 --- /dev/null +++ b/.github/workflows/lint-yaml.yml @@ -0,0 +1,39 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + +name: Lint YAML + +on: pull_request + +permissions: + contents: read + +jobs: + yaml-lint: + runs-on: ubuntu-latest + + name: yaml + + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: GitHub action templates lint + uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1 + with: + file_or_dir: .github/workflows + config_data: | + line-length: warning + + - name: Install the latest version of uv + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 + + - name: Check GitHub actions + run: uvx zizmor --min-severity medium .github/workflows/*.yml diff --git a/zizmor.yml b/zizmor.yml new file mode 100644 index 00000000..ee110b08 --- /dev/null +++ b/zizmor.yml @@ -0,0 +1,3 @@ +rules: + excessive-permissions: + disable: true From d6e0d8b87d8b323d7dca477c0a503ef0d610e956 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Dec 2025 18:29:22 +0100 Subject: [PATCH 0808/1064] run yaml lint only if yml files were changes Signed-off-by: Simon L. --- .github/workflows/lint-yaml.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 658d8b52..c88f697e 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -8,7 +8,10 @@ name: Lint YAML -on: pull_request +on: + pull_request: + paths: + - '**.yml' permissions: contents: read From 86f8f71548a258a63538dc35d1b237a23ba6a211 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 04:13:06 +0000 Subject: [PATCH 0809/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.14.0-alpine3.22 to 3.14.1-alpine3.22. --- updated-dependencies: - dependency-name: python dependency-version: 3.14.1-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index cc58aa43..cfc1f952 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.14.0-alpine3.22 +FROM python:3.14.1-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 7d46e12df70052591d6a9bab47ece0cd97da319f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 4 Dec 2025 13:08:03 +0100 Subject: [PATCH 0810/1064] exchange strval with string cast Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ef0d0702..27a06bc8 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -189,7 +189,7 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL - $config['AIO_URL'] = $host . ':' . strval($port) . $path; + $config['AIO_URL'] = $host . ':' . (string)$port . $path; // set wasStartButtonClicked $config['wasStartButtonClicked'] = 1; // set install_latest_major From 911cdef763350d64661459b33da3a06563ce2b7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:18:56 +0000 Subject: [PATCH 0811/1064] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5.3.1 to 7.1.4. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/f94ec6bedd8674c4426838e6b50417d36b6ab231...1e862dfacbd1d6d858c55d9b792c756523627244) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.4 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index c88f697e..a911f5ad 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 + uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml From 0a23880281bcbd0bc59f50ce6c1efbe3e458c5a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:19:16 +0000 Subject: [PATCH 0812/1064] build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4.2.2...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index c88f697e..b3d2f0d8 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false From 9d08ce1ce51a38e96a3842539ac91df3ce9b7487 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 4 Dec 2025 16:14:31 +0100 Subject: [PATCH 0813/1064] readme: add section on how to limit the resource usage of AIO Signed-off-by: Simon L. --- readme.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/readme.md b/readme.md index f6b4f9e2..acc12d95 100644 --- a/readme.md +++ b/readme.md @@ -217,6 +217,7 @@ https://your-domain-that-points-to-this-server.tld:8443 - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version) - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir) - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive) + - [How to limit the resource usage of AIO?](#how-to-limit-the-resource-usage-of-aio) - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host) - [How to adjust the Talk port?](#how-to-adjust-the-talk-port) - [How to adjust the upload limit for Nextcloud?](#how-to-adjust-the-upload-limit-for-nextcloud) @@ -465,6 +466,9 @@ You can move the whole docker library and all its files including all Nextcloud This should solve the problem. +### How to limit the resource usage of AIO? +In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273). + ### How to allow the Nextcloud container to access directories on the host? By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. From bd45cb4544e3007d028ed9986756ffcb2fa83c63 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 4 Dec 2025 16:18:28 +0100 Subject: [PATCH 0814/1064] add additional hint Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index acc12d95..fc46b3fb 100644 --- a/readme.md +++ b/readme.md @@ -467,7 +467,7 @@ You can move the whole docker library and all its files including all Nextcloud This should solve the problem. ### How to limit the resource usage of AIO? -In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273). +In some cases, you might want to limit the overall resource usage of AIO. You can do so by following [this documentation](https://github.com/nextcloud/all-in-one/discussions/7273). Another possibility is to use the [manual installation](./manual-install/). ### How to allow the Nextcloud container to access directories on the host? By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. From b80bc2640dba54b8121957f25a97ca2ee976d06c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 4 Dec 2025 16:19:30 +0100 Subject: [PATCH 0815/1064] fix mentioning of docker.io Signed-off-by: Simon L. --- manual-install/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/readme.md b/manual-install/readme.md index 874a5b4b..ea2c2978 100644 --- a/manual-install/readme.md +++ b/manual-install/readme.md @@ -6,7 +6,7 @@ You can run the containers that are build for AIO with docker-compose. This come - You can run it without a container having access to the docker socket - You can modify all values on your own - You can run the containers with docker swarm -- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268). +- You can run this in environments where access to ghcr.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268). ### Disadvantages - You lose the AIO interface From 57efcd852da78180671212e166adf602e2d6fbab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 04:12:33 +0000 Subject: [PATCH 0816/1064] build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.65-alpine3.22 to 2.4.66-alpine3.22. --- updated-dependencies: - dependency-name: httpd dependency-version: 2.4.66-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/apache/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index d9602864..c844c364 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.65-alpine3.22 +FROM httpd:2.4.66-alpine3.22 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy From 238117ac47d879a3d51814d8919acc346da6a1e9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Dec 2025 09:45:09 +0100 Subject: [PATCH 0817/1064] mastercontainer: fix docker api version check if DOCKER_API_VERSION was set globally Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 4ca193be..1002ef84 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -116,14 +116,14 @@ fi # Docker api version check # shellcheck disable=SC2001 -API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')" +API_VERSION_NUMB="$(echo "$DOCKER_API_VERSION" | sed 's/\.//')" LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" if [ -z "$LOCAL_API_VERSION_NUMB" ]; then LOCAL_API_VERSION_NUMB="$(sudo -E -u www-data DOCKER_API_VERSION="$FALLBACK_DOCKER_API_VERSION" docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')" fi if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then - print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" + print_red "Docker API v$DOCKER_API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!" echo "Alternatively, set the DOCKER_API_VERSION environmental variable to a compatible version." echo "However please note that only v$API_VERSION is officially supported and tested by the maintainers of Nextcloud AIO." echo "See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version" From a9d462489c5fa7f568e8ced174177d565662430e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Dec 2025 10:03:53 +0100 Subject: [PATCH 0818/1064] increase to 12.2.1 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 2b381c90..2432ab13 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v12.2.0

    +

    Nextcloud AIO v12.2.1

    {# Add 2nd tab warning #} From 19ad65966b24c93709dc521444b1783d7d0a7b22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 12:16:55 +0000 Subject: [PATCH 0819/1064] build(deps): bump peter-evans/create-pull-request in /.github/workflows Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 7.0.11. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/84ae59a2cdc2258d6fa0732dd66352dddae2a412...22a9089034f40e5a961c8808d113e2c98fb63676) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/collabora.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index 816f57bf..37e974f7 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -18,7 +18,7 @@ jobs: mv cool-seccomp-profile.json php/ - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: collabora-seccomp-update automated change signoff: true diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 12a11f1f..1b448139 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -44,7 +44,7 @@ jobs: )" sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: php dependency updates signoff: true diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 8b624e39..060b376e 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -22,7 +22,7 @@ jobs: sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: imaginary-update automated change signoff: true diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index d90d57e1..7fe5bbf9 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -79,7 +79,7 @@ jobs: fi - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: nextcloud-update automated change signoff: true diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 99ba4e32..1bd47ac4 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -30,7 +30,7 @@ jobs: continue-on-error: true - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 689e7e7e..f28ad9f2 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -45,7 +45,7 @@ jobs: sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: talk-update automated change signoff: true diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 06555a90..ee8e4669 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -23,7 +23,7 @@ jobs: sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: Helm Chart updates signoff: true diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index 9d9affce..ba92fd50 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -16,7 +16,7 @@ jobs: run: | sudo bash manual-install/update-yaml.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: Yaml updates signoff: true diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index 69b1b14e..be929285 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -26,7 +26,7 @@ jobs: sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7 + uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 with: commit-message: watchtower-update automated change signoff: true From f5fbc591565d1a3538791d03463653d5d220d425 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 12:16:59 +0000 Subject: [PATCH 0820/1064] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.4 to 7.1.5. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...ed21f2f24f8dd64503750218de024bcf64c7250a) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index b91d8c63..542f38b8 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4 + uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml From 02b095040bd76c7f445fb2d197cef57da3478d76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Dec 2025 12:17:02 +0000 Subject: [PATCH 0821/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/2e4451ef94c5969eee533c487092052d4d1a53af...15f9da4059166900981058ba251e0b652511c68f) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index b4c32778..639b0785 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v6.0.1 - name: Turnstyle - uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2 + uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2 with: continue-after-seconds: 180 env: From cd8158c9f6463a018b3334bab10005ceb3e5a2c9 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Dec 2025 14:42:30 +0100 Subject: [PATCH 0822/1064] fix excluding zizmor workflow in downstream repo Signed-off-by: Simon L. --- zizmor.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/zizmor.yml b/zizmor.yml index ee110b08..afc373cb 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -1,3 +1,6 @@ rules: excessive-permissions: disable: true + dangerous-triggers: + ignore: + - build_images.yml From 1691a19036b32f45068d1dea9f1237c49cf4aa0c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Dec 2025 15:36:02 +0100 Subject: [PATCH 0823/1064] make redis port configurable Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- Containers/nextcloud/config/redis.config.php | 6 ++---- Containers/nextcloud/entrypoint.sh | 2 +- Containers/notify-push/start.sh | 6 +++++- Containers/whiteboard/healthcheck.sh | 2 +- Containers/whiteboard/start.sh | 4 ++-- php/containers.json | 3 +++ 7 files changed, 15 insertions(+), 10 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 03663b85..7ba63a39 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -138,7 +138,7 @@ RUN set -ex; \ \ { \ echo 'session.save_handler = redis'; \ - echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \ + echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \ echo 'redis.session.locking_enabled = 1'; \ echo 'redis.session.lock_retries = -1'; \ echo 'redis.session.lock_wait_time = 10000'; \ diff --git a/Containers/nextcloud/config/redis.config.php b/Containers/nextcloud/config/redis.config.php index 80848974..b59fe4ea 100644 --- a/Containers/nextcloud/config/redis.config.php +++ b/Containers/nextcloud/config/redis.config.php @@ -9,10 +9,8 @@ if (getenv('REDIS_HOST')) { ), ); - if (getenv('REDIS_HOST_PORT')) { - $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT'); - } elseif (getenv('REDIS_HOST')[0] != '/') { - $CONFIG['redis']['port'] = 6379; + if (getenv('REDIS_PORT')) { + $CONFIG['redis']['port'] = (int) getenv('REDIS_PORT'); } if (getenv('REDIS_DB_INDEX')) { diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 8fdff0d0..86ffe159 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -27,7 +27,7 @@ fi # Only start container if Redis is accessible # shellcheck disable=SC2153 -while ! nc -z "$REDIS_HOST" "6379"; do +while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do echo "Waiting for Redis to start..." sleep 5 done diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 9277bdaa..2f30106a 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -52,6 +52,10 @@ fi if [ -z "$REDIS_DB_INDEX" ]; then REDIS_DB_INDEX=0 fi +# Set a default value for REDIS_PORT +if [ -z "$REDIS_PORT" ]; then + REDIS_PORT=6379 +fi # Set a default for db type if [ -z "$DATABASE_TYPE" ]; then DATABASE_TYPE=postgres @@ -76,7 +80,7 @@ fi # Set sensitive values as env export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS" -export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" +export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX" # Run it /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \ diff --git a/Containers/whiteboard/healthcheck.sh b/Containers/whiteboard/healthcheck.sh index 4f53988a..5909db82 100644 --- a/Containers/whiteboard/healthcheck.sh +++ b/Containers/whiteboard/healthcheck.sh @@ -1,4 +1,4 @@ #!/bin/bash -nc -z "$REDIS_HOST" 6379 || exit 0 +nc -z "$REDIS_HOST" "$REDIS_PORT" || exit 0 nc -z 127.0.0.1 3002 || exit 1 diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh index 962df9b9..8975e0c6 100644 --- a/Containers/whiteboard/start.sh +++ b/Containers/whiteboard/start.sh @@ -1,7 +1,7 @@ #!/bin/bash # Only start container if nextcloud is accessible -while ! nc -z "$REDIS_HOST" 6379; do +while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do echo "Waiting for redis to start..." sleep 5 done @@ -11,7 +11,7 @@ if [ -z "$REDIS_DB_INDEX" ]; then REDIS_DB_INDEX=0 fi -export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" +export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX" # Run it exec npm --prefix /app run server:start diff --git a/php/containers.json b/php/containers.json index 8afb68e9..486a4694 100644 --- a/php/containers.json +++ b/php/containers.json @@ -204,6 +204,7 @@ "POSTGRES_DB=nextcloud_database", "POSTGRES_USER=nextcloud", "REDIS_HOST=nextcloud-aio-redis", + "REDIS_PORT=6379", "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", "APACHE_HOST=nextcloud-aio-apache", "APACHE_PORT=%APACHE_PORT%", @@ -305,6 +306,7 @@ "NEXTCLOUD_HOST=nextcloud-aio-nextcloud", "TZ=%TIMEZONE%", "REDIS_HOST=nextcloud-aio-redis", + "REDIS_PORT=6379", "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", "POSTGRES_HOST=nextcloud-aio-database", "POSTGRES_PORT=5432", @@ -875,6 +877,7 @@ "JWT_SECRET_KEY=%WHITEBOARD_SECRET%", "STORAGE_STRATEGY=redis", "REDIS_HOST=nextcloud-aio-redis", + "REDIS_PORT=6379", "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%", "BACKUP_DIR=/tmp" ], From 3ab5740f0cb70a9be7d3b9df3cc71a85cbd1d33b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 8 Dec 2025 19:30:10 +0100 Subject: [PATCH 0824/1064] add further explanation to failed docker check Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index 1002ef84..ad1734f1 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -110,6 +110,10 @@ if ! sudo -E -u www-data docker info &>/dev/null; then echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket." echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled" echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale" + echo "On macOS, see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-macos" + echo "Another possibility might be that Docker api v$API_VERSION is not supported by your docker daemon." + echo "In that case, you should report this to https://github.com/nextcloud/all-in-one/issues" + echo "" exit 1 fi fi From 2498911854c16ef7aad74867870cadbf9be8edb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Dec 2025 04:13:08 +0000 Subject: [PATCH 0825/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.1.1-cli to 29.1.2-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.1.2-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f6ecd08e..63c8ea35 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.1.1-cli AS docker +FROM docker:29.1.2-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 7fa5af0e8cdaec036b299401553b8e5b636791f8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 9 Dec 2025 09:14:59 +0100 Subject: [PATCH 0826/1064] daily-bakup.sh: fix issue with apache-port Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index edc5bddd..d11f3e85 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -23,8 +23,8 @@ fi sudo -E -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running" # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped -APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)" -if [ -z "$APACHE_PORT" ]; then +LOCAL_APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)" +if [ -z "$LOCAL_APACHE_PORT" ]; then echo "APACHE_PORT is not set which is not expected..." else # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable @@ -32,7 +32,7 @@ else docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null # Wait for apache to start - while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do + while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$LOCAL_APACHE_PORT"; do echo "Waiting for apache to become available" sleep 30 done From b6f85b04b511e40f09947f1c10f4594930736117 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 9 Dec 2025 12:03:48 +0000 Subject: [PATCH 0827/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 12545ac3..4e2cfaee 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -438,7 +438,7 @@ services: environment: - TZ=${TIMEZONE} - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} - - bootstrap.memory_lock=true + - bootstrap.memory_lock=false - cluster.name=nextcloud-aio - discovery.type=single-node - logger.level=WARN From 52f67f2de96033bfe687530302ebf6bd0676f0dc Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 9 Dec 2025 12:14:58 +0000 Subject: [PATCH 0828/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 03663b85..866ad126 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -83,7 +83,7 @@ RUN set -ex; \ \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install -o igbinary-3.2.16; \ - pecl install APCu-5.1.27; \ + pecl install APCu-5.1.28; \ pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.4.0; \ pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.3.0; \ pecl install -o imagick-3.8.1; \ From 0f3f88da0841c0239cd1fdb106e44c70eb1e251f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 10 Dec 2025 12:29:46 +0000 Subject: [PATCH 0829/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/mastercontainer/Dockerfile | 2 +- php/composer.lock | 74 +++++++++++++-------------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index f6ecd08e..4bea57a4 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -52,7 +52,7 @@ RUN set -ex; \ apk add --no-cache --virtual .build-deps \ autoconf \ build-base; \ - pecl install APCu-5.1.27; \ + pecl install APCu-5.1.28; \ docker-php-ext-enable apcu; \ rm -r /tmp/pear; \ runDeps="$( \ diff --git a/php/composer.lock b/php/composer.lock index 2fbf905c..24565073 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -2035,16 +2035,16 @@ }, { "name": "amphp/parallel", - "version": "v2.3.2", + "version": "v2.3.3", "source": { "type": "git", "url": "https://github.com/amphp/parallel.git", - "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce" + "reference": "296b521137a54d3a02425b464e5aee4c93db2c60" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/parallel/zipball/321b45ae771d9c33a068186b24117e3cd1c48dce", - "reference": "321b45ae771d9c33a068186b24117e3cd1c48dce", + "url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60", + "reference": "296b521137a54d3a02425b464e5aee4c93db2c60", "shasum": "" }, "require": { @@ -2107,7 +2107,7 @@ ], "support": { "issues": "https://github.com/amphp/parallel/issues", - "source": "https://github.com/amphp/parallel/tree/v2.3.2" + "source": "https://github.com/amphp/parallel/tree/v2.3.3" }, "funding": [ { @@ -2115,7 +2115,7 @@ "type": "github" } ], - "time": "2025-08-27T21:55:40+00:00" + "time": "2025-11-15T06:23:42+00:00" }, { "name": "amphp/parser", @@ -3111,20 +3111,20 @@ }, { "name": "league/uri", - "version": "7.6.0", + "version": "7.7.0", "source": { "type": "git", "url": "https://github.com/thephpleague/uri.git", - "reference": "f625804987a0a9112d954f9209d91fec52182344" + "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/uri/zipball/f625804987a0a9112d954f9209d91fec52182344", - "reference": "f625804987a0a9112d954f9209d91fec52182344", + "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807", + "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807", "shasum": "" }, "require": { - "league/uri-interfaces": "^7.6", + "league/uri-interfaces": "^7.7", "php": "^8.1", "psr/http-factory": "^1" }, @@ -3197,7 +3197,7 @@ "docs": "https://uri.thephpleague.com", "forum": "https://thephpleague.slack.com", "issues": "https://github.com/thephpleague/uri-src/issues", - "source": "https://github.com/thephpleague/uri/tree/7.6.0" + "source": "https://github.com/thephpleague/uri/tree/7.7.0" }, "funding": [ { @@ -3205,20 +3205,20 @@ "type": "github" } ], - "time": "2025-11-18T12:17:23+00:00" + "time": "2025-12-07T16:02:06+00:00" }, { "name": "league/uri-interfaces", - "version": "7.6.0", + "version": "7.7.0", "source": { "type": "git", "url": "https://github.com/thephpleague/uri-interfaces.git", - "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368" + "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/ccbfb51c0445298e7e0b7f4481b942f589665368", - "reference": "ccbfb51c0445298e7e0b7f4481b942f589665368", + "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c", + "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c", "shasum": "" }, "require": { @@ -3281,7 +3281,7 @@ "docs": "https://uri.thephpleague.com", "forum": "https://thephpleague.slack.com", "issues": "https://github.com/thephpleague/uri-src/issues", - "source": "https://github.com/thephpleague/uri-interfaces/tree/7.6.0" + "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0" }, "funding": [ { @@ -3289,7 +3289,7 @@ "type": "github" } ], - "time": "2025-11-18T12:17:23+00:00" + "time": "2025-12-07T16:03:21+00:00" }, { "name": "netresearch/jsonmapper", @@ -3344,16 +3344,16 @@ }, { "name": "nikic/php-parser", - "version": "v5.6.2", + "version": "v5.7.0", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "3a454ca033b9e06b63282ce19562e892747449bb" + "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/3a454ca033b9e06b63282ce19562e892747449bb", - "reference": "3a454ca033b9e06b63282ce19562e892747449bb", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/dca41cd15c2ac9d055ad70dbfd011130757d1f82", + "reference": "dca41cd15c2ac9d055ad70dbfd011130757d1f82", "shasum": "" }, "require": { @@ -3396,9 +3396,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v5.6.2" + "source": "https://github.com/nikic/PHP-Parser/tree/v5.7.0" }, - "time": "2025-10-21T19:32:17+00:00" + "time": "2025-12-06T11:56:16+00:00" }, { "name": "phpdocumentor/reflection-common", @@ -3889,16 +3889,16 @@ }, { "name": "symfony/console", - "version": "v6.4.27", + "version": "v6.4.30", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc" + "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/13d3176cf8ad8ced24202844e9f95af11e2959fc", - "reference": "13d3176cf8ad8ced24202844e9f95af11e2959fc", + "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e", + "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e", "shasum": "" }, "require": { @@ -3963,7 +3963,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.27" + "source": "https://github.com/symfony/console/tree/v6.4.30" }, "funding": [ { @@ -3983,7 +3983,7 @@ "type": "tidelift" } ], - "time": "2025-10-06T10:25:16+00:00" + "time": "2025-12-05T13:47:41+00:00" }, { "name": "symfony/filesystem", @@ -4550,16 +4550,16 @@ }, { "name": "vimeo/psalm", - "version": "6.13.1", + "version": "6.14.1", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51" + "reference": "cf26e6debc366836754f359ece5b68629a1ee185" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51", - "reference": "1e3b7f0a8ab32b23197b91107adc0a7ed8a05b51", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185", + "reference": "cf26e6debc366836754f359ece5b68629a1ee185", "shasum": "" }, "require": { @@ -4582,7 +4582,7 @@ "fidry/cpu-core-counter": "^0.4.1 || ^0.5.1 || ^1.0.0", "netresearch/jsonmapper": "^5.0", "nikic/php-parser": "^5.0.0", - "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3", + "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0", "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0", "spatie/array-to-xml": "^2.17.0 || ^3.0", "symfony/console": "^6.0 || ^7.0", @@ -4664,7 +4664,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-08-06T10:10:28+00:00" + "time": "2025-12-10T09:31:26+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From a3a8cbff34690706c7ce8c3cf489ed663de92d1f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 10 Dec 2025 13:39:37 +0000 Subject: [PATCH 0830/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 21 insertions(+), 21 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 7d6a0c55..01453437 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.1.4 +version: 12.2.1 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index e6273a8b..f9fd44e6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 662d68a0..e07f9bfb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index e91cfe56..8f8d6d3c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -36,9 +36,9 @@ spec: - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359 {{- end }} readinessProbe: exec: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index d65dfa78..1c6491fc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index a3877029..f40d6ff3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 command: - chmod - "777" @@ -41,7 +41,7 @@ spec: - name: TZ value: "{{ .Values.TIMEZONE }}" - name: bootstrap.memory_lock - value: "true" + value: "false" - name: cluster.name value: nextcloud-aio - name: discovery.type @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index c8ae83d9..5906d566 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 2a925878..242b9f16 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 command: - chmod - "777" @@ -186,7 +186,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 5f16388a..114ddc1d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -55,7 +55,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 4e64f6c5..d1ae2b35 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 18ceee18..3af2d622 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 81f616fa..9d9c6d80 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 0319cce8..58afc7d0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 35f29df7..229395ca 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -48,7 +48,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20251128_084214 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359 readinessProbe: exec: command: From e5f1cb5955575750602ce19dd8ec0014d1d2371f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 10 Dec 2025 14:59:46 +0000 Subject: [PATCH 0831/1064] watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index d2db5ae3..50ba3b7d 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,13 +1,13 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.5-alpine3.22 AS go -ENV WATCHTOWER_COMMIT_HASH=6c5a1b0bea65cea1d4cc1de5196789a01617957a +ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.3 + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5 FROM alpine:3.22.2 From 1492e7ad46c8c137981dff57cc185db880becf02 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Thu, 11 Dec 2025 04:19:27 +0000 Subject: [PATCH 0832/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index d04c5aa8..dfff8ba0 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,2 +1,2 @@ - + From 8a3628d1d8560c493d721538ff179fe19096f067 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 11 Dec 2025 11:03:36 +0000 Subject: [PATCH 0833/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 866ad126..7ca67cac 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.2 +ENV NEXTCLOUD_VERSION=32.0.3 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 29dbf6e565e27861264d41c53ae54342d78eb52e Mon Sep 17 00:00:00 2001 From: stefano99 Date: Thu, 11 Dec 2025 12:16:35 +0100 Subject: [PATCH 0834/1064] Docs update: Add encoded characters config for Traefik v3.6.4+ (#7286) Signed-off-by: stefano99 --- reverse-proxy.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/reverse-proxy.md b/reverse-proxy.md index e0497c84..14e7aaaf 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -870,6 +870,11 @@ The examples below define the dynamic configuration in YAML files. If you rather transport: respondingTimeouts: readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) + http: + # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+). + encodedCharacters: + allowEncodedSlash: true + allowEncodedQuestionMark: true # If you want to enable HTTP/3 support, uncomment the line below # http3: {} From eada5b90fe7ec99141ce2edd98545d4c1db22036 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 11 Dec 2025 12:19:48 +0000 Subject: [PATCH 0835/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 24565073..d829d29f 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4550,16 +4550,16 @@ }, { "name": "vimeo/psalm", - "version": "6.14.1", + "version": "6.14.2", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "cf26e6debc366836754f359ece5b68629a1ee185" + "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf26e6debc366836754f359ece5b68629a1ee185", - "reference": "cf26e6debc366836754f359ece5b68629a1ee185", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0", + "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0", "shasum": "" }, "require": { @@ -4664,7 +4664,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-12-10T09:31:26+00:00" + "time": "2025-12-11T08:58:52+00:00" }, { "name": "wapmorgan/php-deprecation-detector", From 7f71a94c8cbfdba9a5c45c62804e238e217a0439 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 11 Dec 2025 12:20:33 +0000 Subject: [PATCH 0836/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 4e2cfaee..9da46d0f 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -135,6 +135,7 @@ services: - POSTGRES_DB=nextcloud_database - POSTGRES_USER=nextcloud - REDIS_HOST=nextcloud-aio-redis + - REDIS_PORT=6379 - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} - APACHE_HOST=nextcloud-aio-apache - APACHE_PORT @@ -206,6 +207,7 @@ services: - NEXTCLOUD_HOST=nextcloud-aio-nextcloud - TZ=${TIMEZONE} - REDIS_HOST=nextcloud-aio-redis + - REDIS_PORT=6379 - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} - POSTGRES_HOST=nextcloud-aio-database - POSTGRES_PORT=5432 @@ -475,6 +477,7 @@ services: - JWT_SECRET_KEY=${WHITEBOARD_SECRET} - STORAGE_STRATEGY=redis - REDIS_HOST=nextcloud-aio-redis + - REDIS_PORT=6379 - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} - BACKUP_DIR=/tmp restart: unless-stopped From 65501079013c6df1bedb2ca4c5115909699682aa Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 28 Nov 2025 13:02:20 +0100 Subject: [PATCH 0837/1064] standardize ca-config Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 + .../nextcloud/config/postgres.config.php | 4 +- Containers/nextcloud/entrypoint.sh | 107 +++++++++++++----- Containers/notify-push/start.sh | 4 +- 4 files changed, 84 insertions(+), 32 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 034ebba2..f4891920 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -251,6 +251,7 @@ RUN set -ex; \ chmod 777 -R /usr/local/etc/php/conf.d && \ chmod 777 -R /usr/local/etc/php-fpm.d && \ chmod -R 777 /tmp; \ + chmod -R 777 /etc/openldap; \ \ mkdir -p /nc-updater; \ chmod -R 777 /nc-updater diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php index acde7b82..71a657a7 100644 --- a/Containers/nextcloud/config/postgres.config.php +++ b/Containers/nextcloud/config/postgres.config.php @@ -3,14 +3,14 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) { $CONFIG = array( 'pgsql_ssl' => array( 'mode' => 'verify-ca', - 'rootcert' => '/var/www/html/data/certificates/POSTGRES', + 'rootcert' => '/var/www/html/data/certificates/ca-bundle.crt', ), ); } if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) { $CONFIG = array( 'dbdriveroptions' => array( - 'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/MYSQL', + 'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt', ), ); } diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index c0dfd803..edc6c32c 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -20,6 +20,79 @@ run_upgrade_if_needed_due_to_app_update() { fi } +set_global_ca_bundle_path() { + # Only run if env is set + if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then + php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE" + fi +} + +# Create cert bundle +if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then + + # Enable debug mode + set -x + + # Default vars + CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates" + CERTIFICATE_BUNDLE="/var/www/html/data/certificates/ca-bundle.crt" + + # Remove old root certs and recreate them with current ones + rm -rf "$CERTIFICATES_ROOT_DIR" + mkdir -p "$CERTIFICATES_ROOT_DIR" + + # Retrieve default root cert bundle + if ! [ -f "$SOURCE_LOCATION/resources/config/ca-bundle.crt" ]; then + echo "Root ca-bundle not found. Only concattening configured NEXTCLOUD_TRUSTED_CERTIFICATES files!" + # Recreate cert file + touch "$CERTIFICATE_BUNDLE" + else + # Write default bundle to the target ca file + cat "$SOURCE_LOCATION/resources/config/ca-bundle.crt" > "$CERTIFICATE_BUNDLE" + fi + + # Iterate through certs + TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')" + mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES" + for certificate in "${TRUSTED_CERTIFICATES[@]}"; do + + # Create new line + echo "" >> "$CERTIFICATE_BUNDLE" + + # Check if variable is an actual cert + if echo "${!certificate}" | grep -q "BEGIN CERTIFICATE" && echo "${!certificate}" | grep -q "END CERTIFICATE"; then + # Write out cert to bundle + echo "${!certificate}" >> "$CERTIFICATE_BUNDLE" + fi + + # Create file in cert dir for extra logic in other places + if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then + touch "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" + fi + + done + + # Custom logic for ldap conf + if ! grep -q "TLS_" /etc/openldap/ldap.conf; then + cat << EOL >> /etc/openldap/ldap.conf +TLS_CACERT $CERTIFICATE_BUNDLE +TLS_REQCERT try +EOL + fi + + # Backwards compatibility with older instances + if [ -f "/var/www/html/config/postgres.config.php" ]; then + sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php + sed -i "s|/var/www/html/data/certificates/MYSQL|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php + fi + + # Print out bundle one last time + cat "$CERTIFICATE_BUNDLE" + + # Disable debug mode + set +x +fi + # Adjust DATABASE_TYPE to by Nextcloud supported value if [ "$DATABASE_TYPE" = postgres ]; then export DATABASE_TYPE=pgsql @@ -173,6 +246,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then run_upgrade_if_needed_due_to_app_update + set_global_ca_bundle_path + php /var/www/html/occ maintenance:mode --off echo "Getting and backing up the status of apps for later; this might take a while..." @@ -279,16 +354,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then ); EOF - # Write out postgres root cert - if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then - mkdir /var/www/html/data/certificates - echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" - # Write out mysql root cert - elif [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" ]; then - mkdir /var/www/html/data/certificates - echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL" > "/var/www/html/data/certificates/MYSQL" - fi - echo "Installing with $DATABASE_TYPE database" # Set a default value for POSTGRES_PORT if [ -z "$POSTGRES_PORT" ]; then @@ -316,6 +381,8 @@ EOF # Try to force generation of appdata dir: php /var/www/html/occ maintenance:repair + set_global_ca_bundle_path + if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then max_retries=10 try=0 @@ -532,6 +599,8 @@ fi run_upgrade_if_needed_due_to_app_update +set_global_ca_bundle_path + if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then # Check if appdata is present # If not, something broke (e.g. changing ncdatadir after aio was first started) @@ -649,24 +718,6 @@ else fi # AIO app end # Do not remove or change this line! -# Allow to add custom certs to Nextcloud's trusted cert store -if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then - set -x - TRUSTED_CERTIFICATES="$(env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP '^[A-Z_a-z0-9]+')" - mapfile -t TRUSTED_CERTIFICATES <<< "$TRUSTED_CERTIFICATES" - CERTIFICATES_ROOT_DIR="/var/www/html/data/certificates" - mkdir -p "$CERTIFICATES_ROOT_DIR" - for certificate in "${TRUSTED_CERTIFICATES[@]}"; do - # shellcheck disable=SC2001 - CERTIFICATE_NAME="$(echo "$certificate" | sed 's|^NEXTCLOUD_TRUSTED_CERTIFICATES_||')" - if ! [ -f "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" ]; then - echo "${!certificate}" > "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" - php /var/www/html/occ security:certificates:import "$CERTIFICATES_ROOT_DIR/$CERTIFICATE_NAME" - fi - done - set +x -fi - # Notify push if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then php /var/www/html/occ app:install notify_push diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 9277bdaa..375009fc 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -68,10 +68,10 @@ fi # Postgres root cert if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then - CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" + CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt" # Mysql root cert elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then - CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/MYSQL" + CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/ca-bundle.crt" fi # Set sensitive values as env From 0be8409c365aa4996c577070b025baa496fa7ef6 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 11 Dec 2025 15:21:13 +0100 Subject: [PATCH 0838/1064] increase to 12.3.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 2432ab13..4e25dcf3 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v12.2.1

    +

    Nextcloud AIO v12.3.0

    {# Add 2nd tab warning #} From 76cae30d5ca4048b3caca5872d67bc1c70c203cf Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 11 Dec 2025 15:56:27 +0100 Subject: [PATCH 0839/1064] update helm chart Signed-off-by: Simon L. --- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 ++ .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 ++ .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 242b9f16..3911d7eb 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -160,6 +160,8 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" + - name: REDIS_PORT + value: "6379" - name: REMOVE_DISABLED_APPS value: "{{ .Values.REMOVE_DISABLED_APPS }}" - name: SIGNALING_SECRET diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 114ddc1d..dc33201f 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -53,6 +53,8 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" + - name: REDIS_PORT + value: "6379" - name: TZ value: "{{ .Values.TIMEZONE }}" image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359 diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 229395ca..410d6ae8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -44,6 +44,8 @@ spec: value: nextcloud-aio-redis - name: REDIS_HOST_PASSWORD value: "{{ .Values.REDIS_PASSWORD }}" + - name: REDIS_PORT + value: "6379" - name: STORAGE_STRATEGY value: redis - name: TZ From 17bf4f91d7d20a91ed499d126eb014beb50d735f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 12 Dec 2025 13:06:50 +0100 Subject: [PATCH 0840/1064] nextcloud: fix configuration of `default_certificates_bundle_path` and allow to use bundle for mailer Signed-off-by: Simon L. --- .../nextcloud/config/certificates-bundle.config.php | 5 +++++ Containers/nextcloud/config/smtp.config.php | 11 +++++++++++ Containers/nextcloud/entrypoint.sh | 13 ------------- 3 files changed, 16 insertions(+), 13 deletions(-) create mode 100644 Containers/nextcloud/config/certificates-bundle.config.php diff --git a/Containers/nextcloud/config/certificates-bundle.config.php b/Containers/nextcloud/config/certificates-bundle.config.php new file mode 100644 index 00000000..cc05b06a --- /dev/null +++ b/Containers/nextcloud/config/certificates-bundle.config.php @@ -0,0 +1,5 @@ + array( + 'ssl' => array( + 'verify_peer_name' => false, + 'cafile' => '/var/www/html/data/certificates/ca-bundle.crt', + ) + ) + ); +} diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 526a4b67..eea3d65b 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -20,13 +20,6 @@ run_upgrade_if_needed_due_to_app_update() { fi } -set_global_ca_bundle_path() { - # Only run if env is set - if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then - php /var/www/html/occ config:system:set default_certificates_bundle_path --value="$CERTIFICATE_BUNDLE" - fi -} - # Create cert bundle if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then @@ -246,8 +239,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then run_upgrade_if_needed_due_to_app_update - set_global_ca_bundle_path - php /var/www/html/occ maintenance:mode --off echo "Getting and backing up the status of apps for later; this might take a while..." @@ -381,8 +372,6 @@ EOF # Try to force generation of appdata dir: php /var/www/html/occ maintenance:repair - set_global_ca_bundle_path - if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then max_retries=10 try=0 @@ -599,8 +588,6 @@ fi run_upgrade_if_needed_due_to_app_update -set_global_ca_bundle_path - if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then # Check if appdata is present # If not, something broke (e.g. changing ncdatadir after aio was first started) From 2998dfdf435148a637f1a2bd2adb1e95972138ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 04:15:48 +0000 Subject: [PATCH 0841/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.4.2 to v1.5.0. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.5.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index fe5d89f7..e2f40160 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.4.2 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0 USER root RUN set -ex; \ From 4c1947afdcf9994dd4a7d3b74fefe32126e08c5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 12:21:36 +0000 Subject: [PATCH 0842/1064] build(deps): bump dessant/lock-threads in /.github/workflows Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 5.0.1 to 6.0.0. - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/lock-threads/compare/1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771...7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7) --- updated-dependencies: - dependency-name: dessant/lock-threads dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lock-threads.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml index be8273d5..bda40ee2 100644 --- a/.github/workflows/lock-threads.yml +++ b/.github/workflows/lock-threads.yml @@ -14,7 +14,7 @@ jobs: action: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5 + - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5 with: issue-inactive-days: '14' process-only: 'issues' From d0b5e64272df65b96aa3259dd5228575d4eb13df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 12:21:43 +0000 Subject: [PATCH 0843/1064] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.5 to 7.1.6. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/ed21f2f24f8dd64503750218de024bcf64c7250a...681c641aba71e4a1c380be3ab5e12ad51f415867) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 542f38b8..9b5710cb 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7.1.5 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml From 5fef93eabf77b693dbd4b4ce35e4bc60012bab60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 12:21:53 +0000 Subject: [PATCH 0844/1064] build(deps): bump actions/upload-artifact in /.github/workflows Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/playwright.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 3919690b..252a6510 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -82,7 +82,7 @@ jobs: exit 1 fi - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 if: ${{ !cancelled() }} with: name: playwright-report From 92d036d04ad6cf10f5c5d2ebaed604b786433645 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 04:15:35 +0000 Subject: [PATCH 0845/1064] build(deps): bump python in /Containers/talk-recording Bumps python from 3.14.1-alpine3.22 to 3.14.2-alpine3.22. --- updated-dependencies: - dependency-name: python dependency-version: 3.14.2-alpine3.22 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk-recording/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index cfc1f952..beeb517e 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.14.1-alpine3.22 +FROM python:3.14.2-alpine3.22 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From a66445d4437791835682750bb338eac6d8d34229 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Dec 2025 10:40:45 +0100 Subject: [PATCH 0846/1064] nextcloud: allow to configure `FULLTEXTSEARCH_PROTOCOL` Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 5 ++++- php/containers.json | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index eea3d65b..d5ca8952 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -972,6 +972,9 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then php /var/www/html/occ app:disable fulltextsearch_elasticsearch php /var/www/html/occ app:disable files_fulltextsearch else + if [ -z "$FULLTEXTSEARCH_PROTOCOL" ]; then + FULLTEXTSEARCH_PROTOCOL="http" + fi if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then php /var/www/html/occ app:install fulltextsearch elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then @@ -994,7 +997,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then php /var/www/html/occ app:update files_fulltextsearch fi php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}' - php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}" + php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"$FULLTEXTSEARCH_PROTOCOL://$FULLTEXTSEARCH_USER:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:$FULLTEXTSEARCH_PORT\",\"elastic_index\":\"$FULLTEXTSEARCH_INDEX\"}" php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":true,\"files_office\":true}" # Do the index diff --git a/php/containers.json b/php/containers.json index 486a4694..d8556184 100644 --- a/php/containers.json +++ b/php/containers.json @@ -237,6 +237,7 @@ "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%", "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%", "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch", + "FULLTEXTSEARCH_PROTOCOL=http", "FULLTEXTSEARCH_PORT=9200", "FULLTEXTSEARCH_USER=elastic", "FULLTEXTSEARCH_INDEX=nextcloud-aio", From f415bf201d521111ad40a56654673ac8586d1898 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Dec 2025 10:31:33 +0100 Subject: [PATCH 0847/1064] s3-config: adjust the multibucket setting Signed-off-by: Simon L. Co-Authored-By: Kate <26026535+provokateurin@users.noreply.github.com> --- Containers/nextcloud/config/s3.config.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index 66e1476d..59217a78 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -6,9 +6,10 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE'); $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET'); $CONFIG = array( - $multibucket === 'true' ? 'objectstore_multibucket' : 'objectstore' => array( + 'objectstore' => array( 'class' => '\OC\Files\ObjectStore\S3', 'arguments' => array( + 'multibucket' => $multibucket === 'true', 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', From 0f0265abd4096ad73eb7dc340ff24bc13e9e97e0 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Tue, 16 Dec 2025 11:09:08 +0000 Subject: [PATCH 0848/1064] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 9da46d0f..e9362ccc 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -165,6 +165,7 @@ services: - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT} - FULLTEXTSEARCH_ENABLED - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch + - FULLTEXTSEARCH_PROTOCOL=http - FULLTEXTSEARCH_PORT=9200 - FULLTEXTSEARCH_USER=elastic - FULLTEXTSEARCH_INDEX=nextcloud-aio From 1dadf3ff10c338d6e74bfabe3ab06c0d3f59c989 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 16 Dec 2025 13:01:52 +0100 Subject: [PATCH 0849/1064] Merge pull request #7328 from nextcloud/enh/noid/update-helm --- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 3911d7eb..e95b8b0b 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -114,6 +114,8 @@ spec: value: "{{ .Values.FULLTEXTSEARCH_PASSWORD }}" - name: FULLTEXTSEARCH_PORT value: "9200" + - name: FULLTEXTSEARCH_PROTOCOL + value: http - name: FULLTEXTSEARCH_USER value: elastic - name: IMAGINARY_ENABLED From 082bbab85561944db7de12b351611e11253bdca9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Dec 2025 04:13:11 +0000 Subject: [PATCH 0850/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.7.3.1 to 25.04.8.1.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.8.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 071d0751..50b6cfef 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.7.3.1 +FROM collabora/code:25.04.8.1.1 USER root ARG DEBIAN_FRONTEND=noninteractive From 06f492397b04dd412e7c111f959f0bfc846897c5 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 17 Dec 2025 12:27:56 +0100 Subject: [PATCH 0851/1064] helm: make documentation more clear about storage classes Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 4 ++-- nextcloud-aio-helm-chart/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 02428db8..39aa7007 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -425,8 +425,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf # shellcheck disable=SC2129 echo "" >> /tmp/sample.conf # shellcheck disable=SC2129 -echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf -echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf +echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf +echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf for variable in "${VOLUME_VARIABLE[@]}"; do echo "$variable: 1Gi # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf done diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 10603a7c..8b17bc97 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -38,8 +38,8 @@ REMOVE_DISABLED_APPS: yes # Setting this to no keep Nextcloud apps that a TALK_PORT: 3478 # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work! UPDATE_NEXTCLOUD_APPS: no # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays. -STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! -STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones! +STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce). +STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones! APACHE_STORAGE_SIZE: 1Gi # You can change the size of the apache volume that default to 1Gi with this value CLAMAV_STORAGE_SIZE: 1Gi # You can change the size of the clamav volume that default to 1Gi with this value DATABASE_STORAGE_SIZE: 1Gi # You can change the size of the database volume that default to 1Gi with this value From adedd78c34948409525d7dd1d7dfbcd801f9bcfd Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 17 Dec 2025 13:43:32 +0100 Subject: [PATCH 0852/1064] fix typo Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- nextcloud-aio-helm-chart/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index 39aa7007..f39d3035 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -426,7 +426,7 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf echo "" >> /tmp/sample.conf # shellcheck disable=SC2129 echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).' >> /tmp/sample.conf -echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf +echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf for variable in "${VOLUME_VARIABLE[@]}"; do echo "$variable: 1Gi # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf done diff --git a/nextcloud-aio-helm-chart/values.yaml b/nextcloud-aio-helm-chart/values.yaml index 8b17bc97..25fb2c92 100755 --- a/nextcloud-aio-helm-chart/values.yaml +++ b/nextcloud-aio-helm-chart/values.yaml @@ -39,7 +39,7 @@ TALK_PORT: 3478 # This allows to adjust the port that the talk containe UPDATE_NEXTCLOUD_APPS: no # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays. STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce). -STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWO volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones! +STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones! APACHE_STORAGE_SIZE: 1Gi # You can change the size of the apache volume that default to 1Gi with this value CLAMAV_STORAGE_SIZE: 1Gi # You can change the size of the clamav volume that default to 1Gi with this value DATABASE_STORAGE_SIZE: 1Gi # You can change the size of the database volume that default to 1Gi with this value From 748857a495cc13a513674ea3e5a1d4a76de76d35 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 17 Dec 2025 15:11:24 +0100 Subject: [PATCH 0853/1064] onlyoffice: disable background check for editors Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 1 + Containers/nextcloud/run-exec-commands.sh | 5 ----- php/containers.json | 4 ---- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index d5ca8952..6825f04c 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -831,6 +831,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then fi # Set OnlyOffice configuration + php /var/www/html/occ config:system:set onlyoffice editors_check_interval --value="0" --type=integer php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET" php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt" diff --git a/Containers/nextcloud/run-exec-commands.sh b/Containers/nextcloud/run-exec-commands.sh index 9ef6ba69..e8066881 100644 --- a/Containers/nextcloud/run-exec-commands.sh +++ b/Containers/nextcloud/run-exec-commands.sh @@ -19,11 +19,6 @@ else echo "Activating Collabora config..." php /var/www/html/occ richdocuments:activate-config fi - # OnlyOffice must work also if using manual-install - if [ "$ONLYOFFICE_ENABLED" = yes ]; then - echo "Activating OnlyOffice config..." - php /var/www/html/occ onlyoffice:documentserver --check - fi fi signal_handler() { diff --git a/php/containers.json b/php/containers.json index d8556184..8c507f91 100644 --- a/php/containers.json +++ b/php/containers.json @@ -723,10 +723,6 @@ "ONLYOFFICE_SECRET" ], "restart": "unless-stopped", - "nextcloud_exec_commands": [ - "echo 'Activating OnlyOffice config...'", - "php /var/www/html/occ onlyoffice:documentserver --check" - ], "profiles": [ "onlyoffice" ], From 7b91fcbbd34c80fde199b0b297769c11c94b75af Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 17 Dec 2025 15:24:28 +0100 Subject: [PATCH 0854/1064] nextcloud: Allow to disable imagick without having to enable it each time Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 1 + Containers/nextcloud/start.sh | 12 +++++------- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 05b3dd0a..f40de2ce 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -93,6 +93,7 @@ RUN set -ex; \ apcu \ memcached \ redis \ + imagick \ ; \ rm -r /tmp/pear; \ \ diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index 14cb35d1..05ccb8b0 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh @@ -86,15 +86,13 @@ fi # Install additional php extensions if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then if ! [ -f "/additional-php-extensions-are-installed" ]; then + # Allow to disable imagick without having to enable it each time + if ! echo "$ADDITIONAL_PHP_EXTENSIONS" | grep -q imagick; then + # Remove the ini file as there is no docker-php-ext-disable script available + rm /usr/local/etc/php/conf.d/docker-php-ext-imagick.ini + fi read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS" for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do - if [ "$app" = imagick ]; then - echo "Enabling Imagick..." - if ! docker-php-ext-enable imagick >/dev/null; then - echo "Could not install PHP extension imagick!" - fi - continue - fi # shellcheck disable=SC2086 if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then echo "Installing PHP build dependencies..." From 3ca5f5b3000799c3012530153b7b9ba4a1c7b648 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 04:16:17 +0000 Subject: [PATCH 0855/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.12.2-scratch to 2.12.3-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.3-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index a74fa1ae..f94886cb 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.12.2-scratch AS nats +FROM nats:2.12.3-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.22.2 AS janus From 576c6a18bde86af0811b05fef4c6b307a8eedd0f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 18 Dec 2025 09:58:11 +0000 Subject: [PATCH 0856/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 01453437..16e7a82c 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.2.1 +version: 12.3.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index f9fd44e6..6eddefe9 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index e07f9bfb..26eda032 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 8f8d6d3c..c0984e1d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -36,9 +36,9 @@ spec: - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503 {{- end }} readinessProbe: exec: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 1c6491fc..b7b54647 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index f40d6ff3..14f19447 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 5906d566..9f0c54c5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index e95b8b0b..3cbfa2fe 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 command: - chmod - "777" @@ -190,7 +190,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index dc33201f..a9822a80 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -57,7 +57,7 @@ spec: value: "6379" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index d1ae2b35..c8160edd 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 3af2d622..8446167d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 9d9c6d80..c28e7335 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 58afc7d0..a0d36c08 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 410d6ae8..e311f230 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -50,7 +50,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20251210_133359 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503 readinessProbe: exec: command: From 638c8e262d3e5a11cf314dd500cb6550628fbe54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:11:37 +0000 Subject: [PATCH 0857/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/alpine Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 25ac9671..718c5510 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ apk upgrade --no-cache -a From 32c6325ab8b150378f85493c61a7ec37871fc2ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:11:43 +0000 Subject: [PATCH 0858/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/borgbackup Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/borgbackup/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 3d4ce1ce..637d035c 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ \ From ad92033faf7d03825e6e5474f6fd80eeb82688ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:11:46 +0000 Subject: [PATCH 0859/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/clamav Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index eab313fd..196b109a 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ apk upgrade --no-cache -a; \ From 93aefb05a9f4bd2dda53c9596c4a8ce436d786fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:11:54 +0000 Subject: [PATCH 0860/1064] build(deps): bump alpine in /Containers/domaincheck Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/domaincheck/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index c4b340e2..769c24ac 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash lighttpd netcat-openbsd; \ From 224e4ed91793841615a3f87e3976476871dffc56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:12:02 +0000 Subject: [PATCH 0861/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/imaginary Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index ea0a70de..79ea1228 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -14,7 +14,7 @@ RUN set -ex; \ build-base; \ go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ From 86328d650977ba91665d6c97b39a5d602ef354a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:12:58 +0000 Subject: [PATCH 0862/1064] build(deps): bump alpine in /Containers/notify-push Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/notify-push/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 812ec840..83b4cab1 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.22.2 +FROM alpine:3.23.2 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From e136b51fc1fa6b1479e6222b12f97c9ca60ca1a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:13:19 +0000 Subject: [PATCH 0863/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/talk Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index a74fa1ae..fe7d017d 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -2,7 +2,7 @@ FROM nats:2.12.2-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling -FROM alpine:3.22.2 AS janus +FROM alpine:3.23.2 AS janus ARG JANUS_VERSION=v1.3.3 WORKDIR /src @@ -35,7 +35,7 @@ RUN set -ex; \ make configs; \ rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample -FROM alpine:3.22.2 +FROM alpine:3.23.2 ENV ETURNAL_ETC_DIR="/conf" ENV SKIP_CERT_VERIFY=false COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local From 667a6ebfad10f461b0cf8b3f20c607bb0d28e36f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Dec 2025 04:13:29 +0000 Subject: [PATCH 0864/1064] build(deps): bump alpine from 3.22.2 to 3.23.2 in /Containers/watchtower Bumps alpine from 3.22.2 to 3.23.2. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 50ba3b7d..14f6c672 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -9,7 +9,7 @@ RUN set -ex; \ build-base; \ go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5 -FROM alpine:3.22.2 +FROM alpine:3.23.2 RUN set -ex; \ apk upgrade --no-cache -a; \ From 15fa3be6555e0916be19c0a788ed3208aa010022 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 30 Dec 2025 13:46:07 +0100 Subject: [PATCH 0865/1064] Update collabora.yml Signed-off-by: Simon L. --- .github/workflows/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index 37e974f7..8e464925 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -14,7 +14,7 @@ jobs: - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json - wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/master/docker/cool-seccomp-profile.json + wget https://raw.githubusercontent.com/CollaboraOnline/online/refs/heads/main/docker/cool-seccomp-profile.json mv cool-seccomp-profile.json php/ - name: Create Pull Request From e8176e15f5076397629bc38c1867070add001a9f Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Wed, 31 Dec 2025 04:22:04 +0000 Subject: [PATCH 0866/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index dfff8ba0..8c90cdc8 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,2 +1,2 @@ - + From 093b553354ce412192dc1947a2cd6bf3a6be2dd2 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 31 Dec 2025 12:03:35 +0000 Subject: [PATCH 0867/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 126 ++++++++++++++++++++++++---------------------- 1 file changed, 65 insertions(+), 61 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index d829d29f..ed6667ed 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -333,16 +333,16 @@ }, { "name": "http-interop/http-factory-guzzle", - "version": "1.2.0", + "version": "1.2.1", "source": { "type": "git", "url": "https://github.com/http-interop/http-factory-guzzle.git", - "reference": "8f06e92b95405216b237521cc64c804dd44c4a81" + "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/8f06e92b95405216b237521cc64c804dd44c4a81", - "reference": "8f06e92b95405216b237521cc64c804dd44c4a81", + "url": "https://api.github.com/repos/http-interop/http-factory-guzzle/zipball/c2c859ceb05c3f42e710b60555f4c35b6a4a3995", + "reference": "c2c859ceb05c3f42e710b60555f4c35b6a4a3995", "shasum": "" }, "require": { @@ -385,9 +385,9 @@ ], "support": { "issues": "https://github.com/http-interop/http-factory-guzzle/issues", - "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.0" + "source": "https://github.com/http-interop/http-factory-guzzle/tree/1.2.1" }, - "time": "2021-07-21T13:50:14+00:00" + "time": "2025-12-15T11:28:16+00:00" }, { "name": "laravel/serializable-closure", @@ -1644,16 +1644,16 @@ }, { "name": "twig/twig", - "version": "v3.22.1", + "version": "v3.22.2", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3" + "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/1de2ec1fc43ab58a4b7e80b214b96bfc895750f3", - "reference": "1de2ec1fc43ab58a4b7e80b214b96bfc895750f3", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/946ddeafa3c9f4ce279d1f34051af041db0e16f2", + "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2", "shasum": "" }, "require": { @@ -1707,7 +1707,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.22.1" + "source": "https://github.com/twigphp/Twig/tree/v3.22.2" }, "funding": [ { @@ -1719,7 +1719,7 @@ "type": "tidelift" } ], - "time": "2025-11-16T16:01:12+00:00" + "time": "2025-12-14T11:28:47+00:00" } ], "packages-dev": [ @@ -3455,16 +3455,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.5", + "version": "5.6.6", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761" + "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/90614c73d3800e187615e2dd236ad0e2a01bf761", - "reference": "90614c73d3800e187615e2dd236ad0e2a01bf761", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8", + "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8", "shasum": "" }, "require": { @@ -3474,7 +3474,7 @@ "phpdocumentor/reflection-common": "^2.2", "phpdocumentor/type-resolver": "^1.7", "phpstan/phpdoc-parser": "^1.7|^2.0", - "webmozart/assert": "^1.9.1" + "webmozart/assert": "^1.9.1 || ^2" }, "require-dev": { "mockery/mockery": "~1.3.5 || ~1.6.0", @@ -3513,9 +3513,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.5" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6" }, - "time": "2025-11-27T19:50:05+00:00" + "time": "2025-12-22T21:13:58+00:00" }, { "name": "phpdocumentor/type-resolver", @@ -3763,16 +3763,16 @@ }, { "name": "spatie/array-to-xml", - "version": "3.4.3", + "version": "3.4.4", "source": { "type": "git", "url": "https://github.com/spatie/array-to-xml.git", - "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf" + "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", - "reference": "7b9202dccfe18d4e3a13303156d6bbcc1c61dabf", + "url": "https://api.github.com/repos/spatie/array-to-xml/zipball/88b2f3852a922dd73177a68938f8eb2ec70c7224", + "reference": "88b2f3852a922dd73177a68938f8eb2ec70c7224", "shasum": "" }, "require": { @@ -3815,7 +3815,7 @@ "xml" ], "support": { - "source": "https://github.com/spatie/array-to-xml/tree/3.4.3" + "source": "https://github.com/spatie/array-to-xml/tree/3.4.4" }, "funding": [ { @@ -3827,7 +3827,7 @@ "type": "github" } ], - "time": "2025-11-27T09:08:26+00:00" + "time": "2025-12-15T09:00:41+00:00" }, { "name": "sserbin/twig-linter", @@ -3889,16 +3889,16 @@ }, { "name": "symfony/console", - "version": "v6.4.30", + "version": "v6.4.31", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e" + "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/1b2813049506b39eb3d7e64aff033fd5ca26c97e", - "reference": "1b2813049506b39eb3d7e64aff033fd5ca26c97e", + "url": "https://api.github.com/repos/symfony/console/zipball/f9f8a889f54c264f9abac3fc0f7a371ffca51997", + "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997", "shasum": "" }, "require": { @@ -3963,7 +3963,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.30" + "source": "https://github.com/symfony/console/tree/v6.4.31" }, "funding": [ { @@ -3983,29 +3983,29 @@ "type": "tidelift" } ], - "time": "2025-12-05T13:47:41+00:00" + "time": "2025-12-22T08:30:34+00:00" }, { "name": "symfony/filesystem", - "version": "v7.4.0", + "version": "v8.0.1", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "d551b38811096d0be9c4691d406991b47c0c630a" + "reference": "d937d400b980523dc9ee946bb69972b5e619058d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/d551b38811096d0be9c4691d406991b47c0c630a", - "reference": "d551b38811096d0be9c4691d406991b47c0c630a", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/d937d400b980523dc9ee946bb69972b5e619058d", + "reference": "d937d400b980523dc9ee946bb69972b5e619058d", "shasum": "" }, "require": { - "php": ">=8.2", + "php": ">=8.4", "symfony/polyfill-ctype": "~1.8", "symfony/polyfill-mbstring": "~1.8" }, "require-dev": { - "symfony/process": "^6.4|^7.0|^8.0" + "symfony/process": "^7.4|^8.0" }, "type": "library", "autoload": { @@ -4033,7 +4033,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v7.4.0" + "source": "https://github.com/symfony/filesystem/tree/v8.0.1" }, "funding": [ { @@ -4053,20 +4053,20 @@ "type": "tidelift" } ], - "time": "2025-11-27T13:27:24+00:00" + "time": "2025-12-01T09:13:36+00:00" }, { "name": "symfony/finder", - "version": "v6.4.27", + "version": "v6.4.31", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b" + "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/a1b6aa435d2fba50793b994a839c32b6064f063b", - "reference": "a1b6aa435d2fba50793b994a839c32b6064f063b", + "url": "https://api.github.com/repos/symfony/finder/zipball/5547f2e1f0ca8e2e7abe490156b62da778cfbe2b", + "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b", "shasum": "" }, "require": { @@ -4101,7 +4101,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.27" + "source": "https://github.com/symfony/finder/tree/v6.4.31" }, "funding": [ { @@ -4121,7 +4121,7 @@ "type": "tidelift" } ], - "time": "2025-10-15T18:32:00+00:00" + "time": "2025-12-11T14:52:17+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -4550,16 +4550,16 @@ }, { "name": "vimeo/psalm", - "version": "6.14.2", + "version": "6.14.3", "source": { "type": "git", "url": "https://github.com/vimeo/psalm.git", - "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0" + "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/vimeo/psalm/zipball/bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0", - "reference": "bbd217fc98c0daa0a13aea2a7f119d03ba3fc9a0", + "url": "https://api.github.com/repos/vimeo/psalm/zipball/d0b040a91f280f071c1abcb1b77ce3822058725a", + "reference": "d0b040a91f280f071c1abcb1b77ce3822058725a", "shasum": "" }, "require": { @@ -4585,8 +4585,8 @@ "php": "~8.1.31 || ~8.2.27 || ~8.3.16 || ~8.4.3 || ~8.5.0", "sebastian/diff": "^4.0 || ^5.0 || ^6.0 || ^7.0", "spatie/array-to-xml": "^2.17.0 || ^3.0", - "symfony/console": "^6.0 || ^7.0", - "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3", + "symfony/console": "^6.0 || ^7.0 || ^8.0", + "symfony/filesystem": "~6.3.12 || ~6.4.3 || ^7.0.3 || ^8.0", "symfony/polyfill-php84": "^1.31.0" }, "provide": { @@ -4608,7 +4608,7 @@ "psalm/plugin-phpunit": "^0.19", "slevomat/coding-standard": "^8.4", "squizlabs/php_codesniffer": "^3.6", - "symfony/process": "^6.0 || ^7.0" + "symfony/process": "^6.0 || ^7.0 || ^8.0" }, "suggest": { "ext-curl": "In order to send data to shepherd", @@ -4664,7 +4664,7 @@ "issues": "https://github.com/vimeo/psalm/issues", "source": "https://github.com/vimeo/psalm" }, - "time": "2025-12-11T08:58:52+00:00" + "time": "2025-12-23T15:36:48+00:00" }, { "name": "wapmorgan/php-deprecation-detector", @@ -4735,23 +4735,23 @@ }, { "name": "webmozart/assert", - "version": "1.12.1", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "9be6926d8b485f55b9229203f962b51ed377ba68" + "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/9be6926d8b485f55b9229203f962b51ed377ba68", - "reference": "9be6926d8b485f55b9229203f962b51ed377ba68", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54", + "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54", "shasum": "" }, "require": { "ext-ctype": "*", "ext-date": "*", "ext-filter": "*", - "php": "^7.2 || ^8.0" + "php": "^8.2" }, "suggest": { "ext-intl": "", @@ -4761,7 +4761,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.10-dev" + "dev-feature/2-0": "2.0-dev" } }, "autoload": { @@ -4777,6 +4777,10 @@ { "name": "Bernhard Schussek", "email": "bschussek@gmail.com" + }, + { + "name": "Woody Gilk", + "email": "woody.gilk@gmail.com" } ], "description": "Assertions to validate method input/output with nice error messages.", @@ -4787,9 +4791,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/1.12.1" + "source": "https://github.com/webmozarts/assert/tree/2.0.0" }, - "time": "2025-10-29T15:56:20+00:00" + "time": "2025-12-16T21:36:00+00:00" } ], "aliases": [], From 68400eafde480f2856ab9a0eecb0c6d9754b1027 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 31 Dec 2025 12:11:32 +0000 Subject: [PATCH 0868/1064] watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 50ba3b7d..93f91252 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,13 +1,13 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.5-alpine3.22 AS go -ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c +ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.12.5 + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1 FROM alpine:3.22.2 From 5b360e96ac7d132a5d9a0db33b9319ca8440f4c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jan 2026 04:13:30 +0000 Subject: [PATCH 0869/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.1.2-cli to 29.1.3-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.1.3-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index ebf8b27d..253394de 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.1.2-cli AS docker +FROM docker:29.1.3-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 6a356b5390939c68b76707c85d26b6c7aa44b12b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 5 Jan 2026 09:46:10 +0100 Subject: [PATCH 0870/1064] rp-docs: traefik: encode `%` Signed-off-by: Simon L. --- reverse-proxy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 14e7aaaf..50a6bccd 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -871,10 +871,11 @@ The examples below define the dynamic configuration in YAML files. If you rather respondingTimeouts: readTimeout: 24h # Allows uploads > 100MB; prevents connection reset due to chunking (public upload-only links) http: - # Required for Nextcloud to correctly handle encoded URL characters (%2F and %3F in this case) in newer Traefik versions (v3.6.4+). + # Required for Nextcloud to correctly handle encoded URL characters (%2F, %3F and %25 in this case) in newer Traefik versions (v3.6.4+). encodedCharacters: allowEncodedSlash: true allowEncodedQuestionMark: true + allowEncodedPercent: true # If you want to enable HTTP/3 support, uncomment the line below # http3: {} From cea609d746345a5191b105b58799610be1effe5b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 5 Jan 2026 09:53:30 +0100 Subject: [PATCH 0871/1064] update OO Signed-off-by: Simon L. --- Containers/onlyoffice/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index c2b94d8c..d028ccbc 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile -FROM onlyoffice/documentserver:9.2.0.1 +FROM onlyoffice/documentserver:9.2.1.1 # USER root is probably used From 06cdd8eca1dda533978e0ff69fd9b4e6501393f7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 5 Jan 2026 09:57:39 +0100 Subject: [PATCH 0872/1064] update remaining dependencies to alpine 3.23 Signed-off-by: Simon L. --- Containers/apache/Dockerfile | 2 +- Containers/imaginary/Dockerfile | 4 ++-- Containers/mastercontainer/Dockerfile | 4 ++-- Containers/nextcloud/Dockerfile | 2 +- Containers/postgresql/Dockerfile | 2 +- Containers/talk-recording/Dockerfile | 2 +- Containers/watchtower/Dockerfile | 2 +- readme.md | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index c844c364..0948fb25 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -2,7 +2,7 @@ FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile -FROM httpd:2.4.66-alpine3.22 +FROM httpd:2.4.66-alpine3.23 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 79ea1228..319325b1 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.5-alpine3.22 AS go +FROM golang:1.25.5-alpine3.23 AS go -ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee +ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee RUN set -ex; \ apk upgrade --no-cache -a; \ diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 253394de..e10895e8 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -5,8 +5,8 @@ FROM docker:29.1.3-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy -# From https://github.com/docker-library/php/blob/master/8.4/alpine3.22/fpm/Dockerfile -FROM php:8.4.15-fpm-alpine3.22 +# From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile +FROM php:8.4.15-fpm-alpine3.23 EXPOSE 80 EXPOSE 8080 diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 05b3dd0a..578e7165 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.28-fpm-alpine3.22 +FROM php:8.3.28-fpm-alpine3.23 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 4da6a372..725b8042 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -# From https://github.com/docker-library/postgres/blob/master/17/alpine3.22/Dockerfile +# From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile FROM postgres:17.7-alpine COPY --chmod=775 start.sh /start.sh diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index beeb517e..65af7db4 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM python:3.14.2-alpine3.22 +FROM python:3.14.2-alpine3.23 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 14f6c672..fcf4678a 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.5-alpine3.22 AS go +FROM golang:1.25.5-alpine3.23 AS go ENV WATCHTOWER_COMMIT_HASH=1ee8747544ce9a49711d9314f1690b30c29e6a8c diff --git a/readme.md b/readme.md index fc46b3fb..bcbf7d57 100644 --- a/readme.md +++ b/readme.md @@ -504,7 +504,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st ### How to add OS packages permanently to the Nextcloud container? Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. -You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.22. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. +You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.23. By default `imagemagick` is added. If you want to keep it, you need to specify it as well. ### How to add PHP extensions permanently to the Nextcloud container? Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. From 8a184fdce00484107cebc9442e3741bad4c2a3e0 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 5 Jan 2026 12:03:44 +0000 Subject: [PATCH 0873/1064] imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 319325b1..11250a43 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.5-alpine3.23 AS go -ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee +ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee RUN set -ex; \ apk upgrade --no-cache -a; \ From 84c581b8bf1d08a5a89b8efd36d372f5fec791ec Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 5 Jan 2026 15:43:17 +0100 Subject: [PATCH 0874/1064] notify-push & whiteboard: URL-encode passwords Signed-off-by: Simon L. --- Containers/notify-push/Dockerfile | 1 + Containers/notify-push/start.sh | 4 ++++ Containers/whiteboard/Dockerfile | 2 +- Containers/whiteboard/start.sh | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 83b4cab1..029c93f2 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -11,6 +11,7 @@ RUN set -ex; \ netcat-openbsd \ tzdata \ bash \ + jq \ openssl; \ # Give root a random password echo "root:$(openssl rand -base64 12)" | chpasswd; \ diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index 4f07907b..26d74333 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -70,6 +70,10 @@ if [ "$POSTGRES_USER" = nextcloud ]; then export POSTGRES_USER fi +# URL-encode passwords +POSTGRES_PASSWORD="$(jq -rn --arg v "$POSTGRES_PASSWORD" '$v|@uri')" +REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')" + # Postgres root cert if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt" diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index e2f40160..f6b8cc7d 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -4,7 +4,7 @@ FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0 USER root RUN set -ex; \ - apk add --no-cache bash; \ + apk add --no-cache bash jq; \ chmod 777 -R /tmp; \ if [ -f /usr/lib/chromium/chrome_crashpad_handler ] && [ ! -f /usr/lib/chromium/chrome_crashpad_handler.real ]; then \ mv /usr/lib/chromium/chrome_crashpad_handler /usr/lib/chromium/chrome_crashpad_handler.real; \ diff --git a/Containers/whiteboard/start.sh b/Containers/whiteboard/start.sh index 8975e0c6..e0babd7f 100644 --- a/Containers/whiteboard/start.sh +++ b/Containers/whiteboard/start.sh @@ -11,6 +11,9 @@ if [ -z "$REDIS_DB_INDEX" ]; then REDIS_DB_INDEX=0 fi +# URL-encode password +REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')" + export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX" # Run it From 9da86241d4e96f5486f26c2d1243f8874c234d1b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 04:18:07 +0000 Subject: [PATCH 0875/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.3.0-alpine to 3.3.1-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.3.1-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index ed2e9e2d..796c855a 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.3.0-alpine +FROM haproxy:3.3.1-alpine # hadolint ignore=DL3002 USER root From d178e12ae4df07a08d198fbc60f820aba58a513b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 04:18:11 +0000 Subject: [PATCH 0876/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.8 to 8.19.9. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 6e739095..7975bcbb 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.8 +FROM elasticsearch:8.19.9 USER root From 5718c1e7edc5673b5adfbf657ca20ca00ae2af44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 04:18:39 +0000 Subject: [PATCH 0877/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.15-fpm-alpine3.23 to 8.4.16-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.16-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index e10895e8..c5b91b7d 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:29.1.3-cli AS docker FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile -FROM php:8.4.15-fpm-alpine3.23 +FROM php:8.4.16-fpm-alpine3.23 EXPOSE 80 EXPOSE 8080 From 7a623fb12038ac1f0083359102f16c9a99f2bb62 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Jan 2026 04:19:00 +0000 Subject: [PATCH 0878/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.28-fpm-alpine3.23 to 8.3.29-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.29-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 3ee04ae3..6b6be7f8 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.28-fpm-alpine3.23 +FROM php:8.3.29-fpm-alpine3.23 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From e2b425bcda4956b7d9b1e1e01667d9ddd3ba1a96 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Tue, 6 Jan 2026 04:23:38 +0000 Subject: [PATCH 0879/1064] Update psalm baseline Signed-off-by: GitHub --- php/psalm-baseline.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/psalm-baseline.xml b/php/psalm-baseline.xml index 8c90cdc8..a9b7140d 100644 --- a/php/psalm-baseline.xml +++ b/php/psalm-baseline.xml @@ -1,2 +1,2 @@ - + From 1f6871ff5cc4dce028b71dd164d982d058376826 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 7 Jan 2026 12:03:32 +0100 Subject: [PATCH 0880/1064] Fix typo in variable throughout the code base Signed-off-by: Pablo Zmdl --- php/public/index.php | 22 ++++----- php/src/Cron/BackupNotification.php | 66 +++++++++++++-------------- php/src/Cron/CheckFreeDiskSpace.php | 6 +-- php/src/Cron/OutdatedNotification.php | 8 ++-- php/src/Cron/UpdateNotification.php | 12 ++--- 5 files changed, 57 insertions(+), 57 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index c49629bd..b57f65a5 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -77,11 +77,11 @@ $app->get('/containers', function (Request $request, Response $response, array $ $view->addExtension(new \AIO\Twig\ClassExtension()); /** @var \AIO\Data\ConfigurationManager $configurationManager */ $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class); - /** @var \AIO\Docker\DockerActionManager $dockerActionManger */ - $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class); + /** @var \AIO\Docker\DockerActionManager $dockerActionManager */ + $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class); /** @var \AIO\Controller\DockerController $dockerController */ $dockerController = $container->get(\AIO\Controller\DockerController::class); - $dockerActionManger->ConnectMasterContainerToNetwork(); + $dockerActionManager->ConnectMasterContainerToNetwork(); $dockerController->StartDomaincheckContainer(); // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image. @@ -99,17 +99,17 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), 'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'), - 'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManger->IsMastercontainerUpdateAvailable() ), + 'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ), 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), - 'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(), - 'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(), + 'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(), + 'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(), 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), 'borg_backup_mode' => $configurationManager->GetBackupMode(), 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(), - 'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(), + 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), 'last_backup_time' => $configurationManager->GetLastBackupTime(), 'backup_times' => $configurationManager->GetBackupTimes(), - 'current_channel' => $dockerActionManger->GetCurrentChannel(), + 'current_channel' => $dockerActionManager->GetCurrentChannel(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled(), 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(), 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), @@ -144,10 +144,10 @@ $app->get('/containers', function (Request $request, Response $response, array $ })->setName('profile'); $app->get('/login', function (Request $request, Response $response, array $args) use ($container) { $view = Twig::fromRequest($request); - /** @var \AIO\Docker\DockerActionManager $dockerActionManger */ - $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class); + /** @var \AIO\Docker\DockerActionManager $dockerActionManager */ + $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class); return $view->render($response, 'login.twig', [ - 'is_login_allowed' => $dockerActionManger->isLoginAllowed(), + 'is_login_allowed' => $dockerActionManager->isLoginAllowed(), ]); }); $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) { diff --git a/php/src/Cron/BackupNotification.php b/php/src/Cron/BackupNotification.php index 17da93b2..6fbab65f 100644 --- a/php/src/Cron/BackupNotification.php +++ b/php/src/Cron/BackupNotification.php @@ -1,33 +1,33 @@ -get(\AIO\Docker\DockerActionManager::class); -/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */ -$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class); - -$id = 'nextcloud-aio-nextcloud'; -$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id); - -$backupExitCode = $dockerActionManger->GetBackupcontainerExitCode(); - -if ($backupExitCode === 0) { - if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") { - error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface."); - } else { - $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.'); - } -} - -if ($backupExitCode > 0) { - $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.'); -} +get(\AIO\Docker\DockerActionManager::class); +/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */ +$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class); + +$id = 'nextcloud-aio-nextcloud'; +$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id); + +$backupExitCode = $dockerActionManager->GetBackupcontainerExitCode(); + +if ($backupExitCode === 0) { + if (getenv('SEND_SUCCESS_NOTIFICATIONS') === "0") { + error_log("Daily backup successful! Only logging successful backup and not sending backup notification since that has been disabled! You can get further info by looking at the backup logs in the AIO interface."); + } else { + $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.'); + } +} + +if ($backupExitCode > 0) { + $dockerActionManager->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.'); +} diff --git a/php/src/Cron/CheckFreeDiskSpace.php b/php/src/Cron/CheckFreeDiskSpace.php index b462195e..1b5d2d64 100644 --- a/php/src/Cron/CheckFreeDiskSpace.php +++ b/php/src/Cron/CheckFreeDiskSpace.php @@ -11,8 +11,8 @@ require __DIR__ . '/../../vendor/autoload.php'; $container = \AIO\DependencyInjection::GetContainer(); -/** @var \AIO\Docker\DockerActionManager $dockerActionManger */ -$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class); +/** @var \AIO\Docker\DockerActionManager $dockerActionManager */ +$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class); /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */ $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class); @@ -22,5 +22,5 @@ $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id); $df = disk_free_space(DataConst::GetDataDirectory()); if ($df !== false && (int)$df < 1024 * 1024 * 1024 * 5) { error_log("The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!"); - $dockerActionManger->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!'); + $dockerActionManager->sendNotification($nextcloudContainer, 'Low on space!', 'The drive that hosts the mastercontainer volume has less than 5 GB free space. Container updates and backups might not succeed due to that!'); } diff --git a/php/src/Cron/OutdatedNotification.php b/php/src/Cron/OutdatedNotification.php index e652ba3a..628f0924 100644 --- a/php/src/Cron/OutdatedNotification.php +++ b/php/src/Cron/OutdatedNotification.php @@ -10,17 +10,17 @@ require __DIR__ . '/../../vendor/autoload.php'; $container = \AIO\DependencyInjection::GetContainer(); -/** @var \AIO\Docker\DockerActionManager $dockerActionManger */ -$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class); +/** @var \AIO\Docker\DockerActionManager $dockerActionManager */ +$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class); /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */ $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class); $id = 'nextcloud-aio-nextcloud'; $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id); -$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated(); +$isNextcloudImageOutdated = $dockerActionManager->isNextcloudImageOutdated(); if ($isNextcloudImageOutdated === true) { - $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh'); + $dockerActionManager->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh'); } diff --git a/php/src/Cron/UpdateNotification.php b/php/src/Cron/UpdateNotification.php index e1d57f6a..2c12e2f4 100644 --- a/php/src/Cron/UpdateNotification.php +++ b/php/src/Cron/UpdateNotification.php @@ -10,21 +10,21 @@ require __DIR__ . '/../../vendor/autoload.php'; $container = \AIO\DependencyInjection::GetContainer(); -/** @var \AIO\Docker\DockerActionManager $dockerActionManger */ -$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class); +/** @var \AIO\Docker\DockerActionManager $dockerActionManager */ +$dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class); /** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */ $containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class); $id = 'nextcloud-aio-nextcloud'; $nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id); -$isMastercontainerUpdateAvailable = $dockerActionManger->IsMastercontainerUpdateAvailable(); -$isAnyUpdateAvailable = $dockerActionManger->isAnyUpdateAvailable(); +$isMastercontainerUpdateAvailable = $dockerActionManager->IsMastercontainerUpdateAvailable(); +$isAnyUpdateAvailable = $dockerActionManager->isAnyUpdateAvailable(); if ($isMastercontainerUpdateAvailable === true) { - $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.'); + $dockerActionManager->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.'); } if ($isAnyUpdateAvailable === true) { - $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.'); + $dockerActionManager->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.'); } From 05d0ea928276819ac71293f9ace4f98a354ab1b0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jan 2026 12:26:14 +0000 Subject: [PATCH 0881/1064] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.6 to 7.2.0. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/681c641aba71e4a1c380be3ab5e12ad51f415867...61cb8a9741eeb8a550a1b8544337180c0fc8476b) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 9b5710cb..3bb1d33f 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 + uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml From 13b885928b2f9fe695575b47cf00edfa1b5c094e Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 7 Jan 2026 13:52:42 +0100 Subject: [PATCH 0882/1064] fix zizmor config Signed-off-by: Simon L. --- zizmor.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/zizmor.yml b/zizmor.yml index afc373cb..a991eaa5 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -4,3 +4,7 @@ rules: dangerous-triggers: ignore: - build_images.yml + unpinned-uses: + config: + policies: + actions/*: ref-pin From 4253308781bf227d46d2283473d567e002f3b683 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 7 Jan 2026 17:27:28 +0100 Subject: [PATCH 0883/1064] increase to v12.4.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 4e25dcf3..c318e8a6 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
    -

    Nextcloud AIO v12.3.0

    +

    Nextcloud AIO v12.4.0

    {# Add 2nd tab warning #} From 2ce06a49c711a7e401385f0696752b6b2a473fdf Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 7 Jan 2026 18:01:30 +0100 Subject: [PATCH 0884/1064] fix bug with imagick Signed-off-by: Simon L. --- Containers/nextcloud/start.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh index 05ccb8b0..a5f38534 100644 --- a/Containers/nextcloud/start.sh +++ b/Containers/nextcloud/start.sh @@ -93,6 +93,10 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then fi read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS" for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do + if [ "$app" = imagick ]; then + # imagick is already enabled by default, so does not need to be enabled anymore. + continue + fi # shellcheck disable=SC2086 if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then echo "Installing PHP build dependencies..." From a83c4e2ed1716acd5b7635063f7377e1cd52ac23 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 8 Jan 2026 15:25:23 +0100 Subject: [PATCH 0885/1064] nextcloud-entrypoint: remove custom logic for ldap.conf again as it does not work Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 6825f04c..43432e6d 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -65,14 +65,6 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then done - # Custom logic for ldap conf - if ! grep -q "TLS_" /etc/openldap/ldap.conf; then - cat << EOL >> /etc/openldap/ldap.conf -TLS_CACERT $CERTIFICATE_BUNDLE -TLS_REQCERT try -EOL - fi - # Backwards compatibility with older instances if [ -f "/var/www/html/config/postgres.config.php" ]; then sed -i "s|/var/www/html/data/certificates/POSTGRES|/var/www/html/data/certificates/ca-bundle.crt|" /var/www/html/config/postgres.config.php From 6200327a778321afab206a38be20cd6ab088d90a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 8 Jan 2026 16:15:51 +0100 Subject: [PATCH 0886/1064] add two further commands to the bug-report template Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index ec25fc4a..5d6cc059 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -32,6 +32,10 @@ labels: 0. Needs triage #### Output of `sudo docker logs nextcloud-aio-mastercontainer` +#### Output of `sudo docker inspect nextcloud-aio-mastercontainer` + +#### Output of `sudo docker ps -a` + #### Other valuable info #### A picture of a cute animal From 71550aeeccf9a010f9bb4fa59ab1baf366a9be88 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 8 Jan 2026 12:41:42 +0100 Subject: [PATCH 0887/1064] run playwright tests also on push Signed-off-by: Simon L. --- .github/workflows/playwright-on-push.yml | 123 ++++++++++++++++++ ...ml => playwright-on-workflow-dispatch.yml} | 0 2 files changed, 123 insertions(+) create mode 100644 .github/workflows/playwright-on-push.yml rename .github/workflows/{playwright.yml => playwright-on-workflow-dispatch.yml} (100%) diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml new file mode 100644 index 00000000..af8dec02 --- /dev/null +++ b/.github/workflows/playwright-on-push.yml @@ -0,0 +1,123 @@ +name: Playwright Tests on push + +on: + pull_request: + paths: + - 'php/**' + push: + branches: + - main + paths: + - 'php/**' + +concurrency: + group: playwright-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +env: + BASE_URL: https://localhost:8080 + +jobs: + test: + timeout-minutes: 60 + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v6.0.1 + + - uses: actions/setup-node@v6 + with: + node-version: lts/* + + - name: Install dependencies + run: cd php/tests && npm ci + + - name: Install Playwright Browsers + run: cd php/tests && npx playwright install --with-deps chromium + + - name: Set up php 8.4 + uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0 + with: + extensions: apcu + php-version: 8.4 + coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Adjust some things and fix permissions + run: | + cd php + rm -r ./data + rm -r ./session + composer install --no-dev + composer clear-cache + sudo chmod 777 -R ./ + + - name: Start fresh development server + run: | + docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true + docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true + docker pull ghcr.io/nextcloud-releases/all-in-one:develop + docker run \ + -d \ + --init \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 8080:8080 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume ./php:/var/www/docker-aio/php \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + --env SKIP_DOMAIN_VALIDATION=true \ + --env APACHE_PORT=11000 \ + ghcr.io/nextcloud-releases/all-in-one:develop + echo Waiting for 10 seconds for the development container to start ... + sleep 10 + + - name: Run Playwright tests for initial setup + run: | + cd php/tests + export DEBUG=pw:api + if ! npx playwright test tests/initial-setup.spec.js; then + docker logs nextcloud-aio-mastercontainer + docker logs nextcloud-aio-borgbackup + exit 1 + fi + + - name: Start fresh development server + run: | + docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true + docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true + docker run \ + -d \ + --init \ + --name nextcloud-aio-mastercontainer \ + --restart always \ + --publish 8080:8080 \ + --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ + --volume ./php:/var/www/docker-aio/php \ + --volume /var/run/docker.sock:/var/run/docker.sock:ro \ + --env SKIP_DOMAIN_VALIDATION=false \ + --env APACHE_PORT=11000 \ + ghcr.io/nextcloud-releases/all-in-one:develop + echo Waiting for 10 seconds for the development container to start ... + sleep 10 + + - name: Run Playwright tests for backup restore + run: | + cd php/tests + export DEBUG=pw:api + if ! npx playwright test tests/restore-instance.spec.js; then + docker logs nextcloud-aio-mastercontainer + docker logs nextcloud-aio-borgbackup + exit 1 + fi + + - uses: actions/upload-artifact@v6 + if: ${{ !cancelled() }} + with: + name: playwright-report + path: php/tests/playwright-report/ + retention-days: 14 + overwrite: true diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright-on-workflow-dispatch.yml similarity index 100% rename from .github/workflows/playwright.yml rename to .github/workflows/playwright-on-workflow-dispatch.yml From cdd21ae1ff62f02992670677cd4b7aecc2f49107 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sat, 10 Jan 2026 15:07:08 +0100 Subject: [PATCH 0888/1064] refactor: change private properties to public in Container class and update related methods Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- php/src/Container/Container.php | 148 ++++-------------- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Controller/DockerController.php | 6 +- php/src/Docker/DockerActionManager.php | 112 ++++++------- php/templates/components/container-state.twig | 18 +-- php/templates/containers.twig | 12 +- 6 files changed, 105 insertions(+), 193 deletions(-) diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php index baee1c00..6e5d2b54 100644 --- a/php/src/Container/Container.php +++ b/php/src/Container/Container.php @@ -5,121 +5,56 @@ namespace AIO\Container; use AIO\Data\ConfigurationManager; use AIO\Docker\DockerActionManager; use AIO\ContainerDefinitionFetcher; +use JsonException; readonly class Container { public function __construct( - private string $identifier, - private string $displayName, - private string $containerName, - private string $restartPolicy, - private int $maxShutdownTime, - private ContainerPorts $ports, - private string $internalPorts, - private ContainerVolumes $volumes, - private ContainerEnvironmentVariables $containerEnvironmentVariables, + public string $identifier, + public string $displayName, + public string $containerName, + public string $restartPolicy, + public int $maxShutdownTime, + public ContainerPorts $ports, + public string $internalPorts, + public ContainerVolumes $volumes, + public ContainerEnvironmentVariables $containerEnvironmentVariables, /** @var string[] */ - private array $dependsOn, + public array $dependsOn, private string $uiSecret, /** @var string[] */ - private array $devices, - private bool $enableNvidiaGpu, + public array $devices, + public bool $enableNvidiaGpu, /** @var string[] */ - private array $capAdd, - private int $shmSize, - private bool $apparmorUnconfined, + public array $capAdd, + public int $shmSize, + public bool $apparmorUnconfined, /** @var string[] */ - private array $backupVolumes, - private array $nextcloudExecCommands, - private bool $readOnlyRootFs, - private array $tmpfs, - private bool $init, - private string $imageTag, - private AioVariables $aioVariables, - private string $documentation, + public array $backupVolumes, + public array $nextcloudExecCommands, + public bool $readOnlyRootFs, + public array $tmpfs, + public bool $init, + public string $imageTag, + public AioVariables $aioVariables, + public string $documentation, private DockerActionManager $dockerActionManager ) { } - public function GetIdentifier() : string { - return $this->identifier; - } - - public function GetDisplayName() : string { - return $this->displayName; - } - - public function GetContainerName() : string { - return $this->containerName; - } - - public function GetRestartPolicy() : string { - return $this->restartPolicy; - } - - public function GetImageTag() : string { - return $this->imageTag; - } - - public function GetReadOnlySetting() : bool { - return $this->readOnlyRootFs; - } - - public function GetInit() : bool { - return $this->init; - } - - public function GetShmSize() : int { - return $this->shmSize; - } - - public function isApparmorUnconfined() : bool { - return $this->apparmorUnconfined; - } - - public function GetMaxShutdownTime() : int { - return $this->maxShutdownTime; - } - public function GetUiSecret() : string { return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret); } - public function GetTmpfs() : array { - return $this->tmpfs; - } - - public function GetDevices() : array { - return $this->devices; - } - - public function isNvidiaGpuEnabled() : bool { - return $this->enableNvidiaGpu; - } - - public function GetCapAdds() : array { - return $this->capAdd; - } - - public function GetBackupVolumes() : array { - return $this->backupVolumes; - } - - public function GetPorts() : ContainerPorts { - return $this->ports; - } - - public function GetInternalPort() : string { - return $this->internalPorts; - } - - public function GetVolumes() : ContainerVolumes { - return $this->volumes; - } - + /** + * @throws JsonException + */ public function GetRunningState() : ContainerState { return $this->dockerActionManager->GetContainerRunningState($this); } + /** + * @throws JsonException + */ public function GetRestartingState() : ContainerState { return $this->dockerActionManager->GetContainerRestartingState($this); } @@ -131,27 +66,4 @@ readonly class Container { public function GetStartingState() : ContainerState { return $this->dockerActionManager->GetContainerStartingState($this); } - - /** - * @return string[] - */ - public function GetDependsOn() : array { - return $this->dependsOn; - } - - public function GetNextcloudExecCommands() : array { - return $this->nextcloudExecCommands; - } - - public function GetEnvironmentVariables() : ContainerEnvironmentVariables { - return $this->containerEnvironmentVariables; - } - - public function GetAioVariables() : AioVariables { - return $this->aioVariables; - } - - public function GetDocumentation() : string { - return $this->documentation; - } } diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 7b092e45..d7498047 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -25,7 +25,7 @@ readonly class ContainerDefinitionFetcher { $containers = $this->FetchDefinition(); foreach ($containers as $container) { - if ($container->GetIdentifier() === $id) { + if ($container->identifier === $id) { return $container; } } diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 27a06bc8..a924e61f 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -23,7 +23,7 @@ readonly class DockerController { $container = $this->containerDefinitionFetcher->GetContainerById($id); // Start all dependencies first and then itself - foreach($container->GetDependsOn() as $dependency) { + foreach($container->dependsOn as $dependency) { $this->PerformRecursiveContainerStart($dependency, $pullImage); } @@ -46,7 +46,7 @@ readonly class DockerController { $container = $this->containerDefinitionFetcher->GetContainerById($id); // Pull all dependencies first and then itself - foreach($container->GetDependsOn() as $dependency) { + foreach($container->dependsOn as $dependency) { $this->PerformRecursiveImagePull($dependency); } @@ -255,7 +255,7 @@ readonly class DockerController { // We want to stop the Nextcloud container after 10s and not wait for the configured stop_grace_period $this->dockerActionManager->StopContainer($container, $forceStopNextcloud); } - foreach($container->GetDependsOn() as $dependency) { + foreach($container->dependsOn as $dependency) { $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud); } } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 9e8a8ff2..529af1fe 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -36,15 +36,15 @@ readonly class DockerActionManager { } private function BuildImageName(Container $container): string { - $tag = $container->GetImageTag(); + $tag = $container->imageTag; if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); } - return $container->GetContainerName() . ':' . $tag; + return $container->containerName . ':' . $tag; } public function GetContainerRunningState(Container $container): ContainerState { - $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier()))); + $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier))); try { $response = $this->guzzleClient->get($url); } catch (RequestException $e) { @@ -64,7 +64,7 @@ readonly class DockerActionManager { } public function GetContainerRestartingState(Container $container): ContainerState { - $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier()))); + $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier))); try { $response = $this->guzzleClient->get($url); } catch (RequestException $e) { @@ -84,16 +84,16 @@ readonly class DockerActionManager { } public function GetContainerUpdateState(Container $container): VersionState { - $tag = $container->GetImageTag(); + $tag = $container->imageTag; if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); } - $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier()); + $runningDigests = $this->GetRepoDigestsOfContainer($container->identifier); if ($runningDigests === null) { return VersionState::Different; } - $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag); + $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag); if ($remoteDigest === null) { return VersionState::Equal; } @@ -112,8 +112,8 @@ readonly class DockerActionManager { return $runningState; } - $containerName = $container->GetIdentifier(); - $internalPort = $container->GetInternalPort(); + $containerName = $container->identifier; + $internalPort = $container->internalPorts; if ($internalPort === '%APACHE_PORT%') { $internalPort = $this->configurationManager->GetApachePort(); } elseif ($internalPort === '%TALK_PORT%') { @@ -134,7 +134,7 @@ readonly class DockerActionManager { } public function DeleteContainer(Container $container): void { - $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier()))); + $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->identifier))); try { $this->guzzleClient->delete($url); } catch (RequestException $e) { @@ -166,17 +166,17 @@ readonly class DockerActionManager { } public function StartContainer(Container $container): void { - $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier()))); + $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier))); try { $this->guzzleClient->post($url); } catch (RequestException $e) { - throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents()); + throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents()); } } public function CreateVolumes(Container $container): void { $url = $this->BuildApiUrl('volumes/create'); - foreach ($container->GetVolumes()->GetVolumes() as $volume) { + foreach ($container->volumes->GetVolumes() as $volume) { $forbiddenChars = [ '/', ]; @@ -202,9 +202,9 @@ readonly class DockerActionManager { public function CreateContainer(Container $container): void { $volumes = []; - foreach ($container->GetVolumes()->GetVolumes() as $volume) { + foreach ($container->volumes->GetVolumes() as $volume) { // // NEXTCLOUD_MOUNT gets added via bind-mount later on - // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { + // if ($container->identifier === 'nextcloud-aio-nextcloud') { // if ($volume->name === $this->configurationManager->GetNextcloudMount()) { // continue; // } @@ -228,7 +228,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Binds'] = $volumes; } - $aioVariables = $container->GetAioVariables()->GetVariables(); + $aioVariables = $container->aioVariables->GetVariables(); foreach ($aioVariables as $variable) { $config = $this->configurationManager->GetConfig(); $variable = $this->replaceEnvPlaceholders($variable); @@ -238,9 +238,9 @@ readonly class DockerActionManager { sleep(1); } - $envs = $container->GetEnvironmentVariables()->GetVariables(); + $envs = $container->containerEnvironmentVariables->GetVariables(); // Special thing for the nextcloud container - if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { + if ($container->identifier === 'nextcloud-aio-nextcloud') { $envs[] = $this->GetAllNextcloudExecCommands(); } foreach ($envs as $key => $env) { @@ -251,13 +251,13 @@ readonly class DockerActionManager { $requestBody['Env'] = $envs; } - $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy(); + $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->restartPolicy; - $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting(); + $requestBody['HostConfig']['ReadonlyRootfs'] = $container->readOnlyRootFs; $exposedPorts = []; - if ($container->GetInternalPort() !== 'host') { - foreach ($container->GetPorts()->GetPorts() as $value) { + if ($container->internalPorts !== 'host') { + foreach ($container->ports->GetPorts() as $value) { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { @@ -279,7 +279,7 @@ readonly class DockerActionManager { if (count($exposedPorts) > 0) { $requestBody['ExposedPorts'] = $exposedPorts; - foreach ($container->GetPorts()->GetPorts() as $value) { + foreach ($container->ports->GetPorts() as $value) { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { @@ -314,7 +314,7 @@ readonly class DockerActionManager { } $devices = []; - foreach ($container->GetDevices() as $device) { + foreach ($container->devices as $device) { if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) { continue; } @@ -325,7 +325,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Devices'] = $devices; } - if ($container->isNvidiaGpuEnabled() && $this->configurationManager->isNvidiaGpuEnabled()) { + if ($container->enableNvidiaGpu && $this->configurationManager->isNvidiaGpuEnabled()) { $requestBody['HostConfig']['Runtime'] = 'nvidia'; $requestBody['HostConfig']['DeviceRequests'] = [ [ @@ -336,13 +336,13 @@ readonly class DockerActionManager { ]; } - $shmSize = $container->GetShmSize(); + $shmSize = $container->shmSize; if ($shmSize > 0) { $requestBody['HostConfig']['ShmSize'] = $shmSize; } $tmpfs = []; - foreach ($container->GetTmpfs() as $tmp) { + foreach ($container->tmpfs as $tmp) { $mode = ""; if (str_contains($tmp, ':')) { $mode = explode(':', $tmp)[1]; @@ -354,9 +354,9 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Tmpfs'] = $tmpfs; } - $requestBody['HostConfig']['Init'] = $container->GetInit(); + $requestBody['HostConfig']['Init'] = $container->init; - $capAdds = $container->GetCapAdds(); + $capAdds = $container->capAdd; if (count($capAdds) > 0) { $requestBody['HostConfig']['CapAdd'] = $capAdds; } @@ -368,14 +368,14 @@ readonly class DockerActionManager { // Disable SELinux for AIO containers so that it does not break them $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"]; - if ($container->isApparmorUnconfined()) { + if ($container->apparmorUnconfined) { $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable"]; } $mounts = []; // Special things for the backup container which should not be exposed in the containers.json - if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) { + if (str_starts_with($container->identifier, 'nextcloud-aio-borgbackup')) { // Additional backup directories foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) { if ($additionalBackupVolumes !== '') { @@ -384,7 +384,7 @@ readonly class DockerActionManager { } // Make volumes read only in case of borgbackup container. The viewer makes them writeable - $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup'; + $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup'; foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) { if ($additionalBackupDirectories !== '') { @@ -397,12 +397,12 @@ readonly class DockerActionManager { } // Special things for the talk container which should not be exposed in the containers.json - } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') { + } elseif ($container->identifier === 'nextcloud-aio-talk') { // This is needed due to a bug in libwebsockets used in Janus which cannot handle unlimited ulimits $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]]; // // Special things for the nextcloud container which should not be exposed in the containers.json - // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') { - // foreach ($container->GetVolumes()->GetVolumes() as $volume) { + // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') { + // foreach ($container->volumes->GetVolumes() as $volume) { // if ($volume->name !== $this->configurationManager->GetNextcloudMount()) { // continue; // } @@ -410,11 +410,11 @@ readonly class DockerActionManager { // } // Special things for the caddy community container - } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') { + } elseif ($container->identifier === 'nextcloud-aio-caddy') { $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway']; // Special things for the collabora container which should not be exposed in the containers.json - } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') { + } elseif ($container->identifier === 'nextcloud-aio-collabora') { if (!$this->configurationManager->isSeccompDisabled()) { // Load reference seccomp profile for collabora $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath()); @@ -437,9 +437,9 @@ readonly class DockerActionManager { $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"]; // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 - $requestBody['Hostname'] = $container->GetIdentifier(); + $requestBody['Hostname'] = $container->identifier; - $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier()); + $url = $this->BuildApiUrl('containers/create?name=' . $container->identifier); try { $this->guzzleClient->request( 'POST', @@ -449,18 +449,18 @@ readonly class DockerActionManager { ] ); } catch (RequestException $e) { - throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents()); + throw new \Exception("Could not create container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents()); } } public function isRegistryReachable(Container $container): bool { - $tag = $container->GetImageTag(); + $tag = $container->imageTag; if ($tag === '%AIO_CHANNEL%') { $tag = $this->GetCurrentChannel(); } - $remoteDigest = $this->GetLatestDigestOfTag($container->GetContainerName(), $tag); + $remoteDigest = $this->GetLatestDigestOfTag($container->containerName, $tag); if ($remoteDigest === null) { return false; @@ -472,7 +472,7 @@ readonly class DockerActionManager { public function PullImage(Container $container, bool $pullImage = true): void { // Skip database image pull if the last shutdown was not clean - if ($container->GetIdentifier() === 'nextcloud-aio-database') { + if ($container->identifier === 'nextcloud-aio-database') { if ($this->GetDatabasecontainerExitCode() > 0) { $pullImage = false; error_log('Not pulling the latest database image because the container was not correctly shut down.'); @@ -484,7 +484,7 @@ readonly class DockerActionManager { if ($pullImage) { if (!$this->isRegistryReachable($container)) { $pullImage = false; - error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.'); + error_log('Not pulling the ' . $container->containerName . ' image for the ' . $container->identifier . ' container because the registry does not seem to be reachable.'); } } @@ -598,7 +598,7 @@ readonly class DockerActionManager { if ($container->GetUpdateState() === VersionState::Different) { $updateAvailable = '1'; } - foreach ($container->GetDependsOn() as $dependency) { + foreach ($container->dependsOn as $dependency) { $updateAvailable .= $this->isContainerUpdateAvailable($dependency); } return $updateAvailable; @@ -622,10 +622,10 @@ readonly class DockerActionManager { $container = $this->containerDefinitionFetcher->GetContainerById($id); $backupVolumes = ''; - foreach ($container->GetBackupVolumes() as $backupVolume) { + foreach ($container->backupVolumes as $backupVolume) { $backupVolumes .= $backupVolume . ' '; } - foreach ($container->GetDependsOn() as $dependency) { + foreach ($container->dependsOn as $dependency) { $backupVolumes .= $this->getBackupVolumes($dependency); } return $backupVolumes; @@ -641,10 +641,10 @@ readonly class DockerActionManager { $container = $this->containerDefinitionFetcher->GetContainerById($id); $nextcloudExecCommands = ''; - foreach ($container->GetNextcloudExecCommands() as $execCommand) { + foreach ($container->nextcloudExecCommands as $execCommand) { $nextcloudExecCommands .= $execCommand . PHP_EOL; } - foreach ($container->GetDependsOn() as $dependency) { + foreach ($container->dependsOn as $dependency) { $nextcloudExecCommands .= $this->GetNextcloudExecCommands($dependency); } return $nextcloudExecCommands; @@ -776,7 +776,7 @@ readonly class DockerActionManager { public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void { if ($this->GetContainerStartingState($container) === ContainerState::Running) { - $containerName = $container->GetIdentifier(); + $containerName = $container->identifier; // schedule the exec $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName))); @@ -901,14 +901,14 @@ readonly class DockerActionManager { // Add a secondary alias for domaincheck container, to keep it as similar to actual apache controller as possible. // If a reverse-proxy is relying on container name as hostname this allows it to operate as usual and still validate the domain // The domaincheck container and apache container are never supposed to be active at the same time because they use the same APACHE_PORT anyway, so this doesn't add any new constraints. - $alias = ($container->GetIdentifier() === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : ''; + $alias = ($container->identifier === 'nextcloud-aio-domaincheck') ? 'nextcloud-aio-apache' : ''; - $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), alias: $alias); + $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias); - if ($container->GetIdentifier() === 'nextcloud-aio-apache' || $container->GetIdentifier() === 'nextcloud-aio-domaincheck') { + if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') { $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork(); if ($apacheAdditionalNetwork !== '') { - $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort(), $apacheAdditionalNetwork, false, $alias); + $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias); } } } @@ -917,9 +917,9 @@ readonly class DockerActionManager { if ($forceStopContainer) { $maxShutDownTime = 10; } else { - $maxShutDownTime = $container->GetMaxShutdownTime(); + $maxShutDownTime = $container->maxShutdownTime; } - $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $maxShutDownTime)); + $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->identifier), $maxShutDownTime)); try { $this->guzzleClient->post($url); } catch (RequestException $e) { diff --git a/php/templates/components/container-state.twig b/php/templates/components/container-state.twig index 8375d033..07580e66 100644 --- a/php/templates/components/container-state.twig +++ b/php/templates/components/container-state.twig @@ -3,24 +3,24 @@ {% if c.GetStartingState().value == 'starting' %} - {{ c.GetDisplayName() }} - (Starting) + {{ c.displayName }} + (Starting) {% elseif c.GetRunningState().value == 'running' %} - {{ c.GetDisplayName() }} - (Running) + {{ c.displayName }} + (Running) {% else %} - {{ c.GetDisplayName() }} - (Stopped) + {{ c.displayName }} + (Stopped) {% endif %} - {% if c.GetDocumentation() != '' %} - (docs) + {% if c.documentation != '' %} + (docs) {% endif %} {% if c.GetUiSecret() != '' %}
    - Show password for {{ c.GetDisplayName() }} + Show password for {{ c.displayName }}
    {% endif %} diff --git a/php/templates/containers.twig b/php/templates/containers.twig index c318e8a6..0e7d1427 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -45,19 +45,19 @@ {% endif %} {% for container in containers %} - {% if container.GetDisplayName() != '' and container.GetRunningState().value == 'running' %} + {% if container.displayName != '' and container.GetRunningState().value == 'running' %} {% set isAnyRunning = true %} {% endif %} - {% if container.GetDisplayName() != '' and container.GetRestartingState().value == 'restarting' %} + {% if container.displayName != '' and container.GetRestartingState().value == 'restarting' %} {% set isAnyRestarting = true %} {% endif %} - {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %} + {% if container.identifier == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %} {% set isWatchtowerRunning = true %} {% endif %} - {% if container.GetIdentifier() == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %} + {% if container.identifier == 'nextcloud-aio-domaincheck' and container.GetRunningState().value == 'running' %} {% set isDomaincheckRunning = true %} {% endif %} - {% if container.GetIdentifier() == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %} + {% if container.identifier == 'nextcloud-aio-apache' and container.GetStartingState().value == 'starting' %} {% set isApacheStarting = true %} {% endif %} {% endfor %} @@ -280,7 +280,7 @@
      {# @var containers \AIO\Container\Container[] #} {% for container in containers %} - {% if container.GetDisplayName() != '' %} + {% if container.displayName != '' %} {% include 'components/container-state.twig' with {'c': container} only %} {% endif %} {% endfor %} From a53e315e7fc87e58e20a4bb98fe4e0858d075edb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 11 Jan 2026 15:05:21 +0000 Subject: [PATCH 0889/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.1.3-cli to 29.1.4-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.1.4-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index c5b91b7d..d2019e49 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.1.3-cli AS docker +FROM docker:29.1.4-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From b998fa8ebf6907f9d3aa14f09446af2675e775ee Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 12 Jan 2026 10:58:58 +0100 Subject: [PATCH 0890/1064] s3.config.php: allow to configure num_buckets Signed-off-by: Simon L. --- Containers/nextcloud/config/s3.config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/nextcloud/config/s3.config.php b/Containers/nextcloud/config/s3.config.php index 59217a78..6ea06697 100644 --- a/Containers/nextcloud/config/s3.config.php +++ b/Containers/nextcloud/config/s3.config.php @@ -10,6 +10,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) { 'class' => '\OC\Files\ObjectStore\S3', 'arguments' => array( 'multibucket' => $multibucket === 'true', + 'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64, 'bucket' => getenv('OBJECTSTORE_S3_BUCKET'), 'key' => getenv('OBJECTSTORE_S3_KEY') ?: '', 'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '', From b1baefb959119199291ad0a33226b7e4c8760f30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jan 2026 16:03:10 +0000 Subject: [PATCH 0891/1064] build(deps): bump softprops/turnstyle in /.github/workflows Bumps [softprops/turnstyle](https://github.com/softprops/turnstyle) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/softprops/turnstyle/releases) - [Changelog](https://github.com/softprops/turnstyle/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/turnstyle/compare/15f9da4059166900981058ba251e0b652511c68f...e565d2d86403c5d23533937e95980570545e5586) --- updated-dependencies: - dependency-name: softprops/turnstyle dependency-version: 3.2.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 639b0785..a4f441c2 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v6.0.1 - name: Turnstyle - uses: softprops/turnstyle@15f9da4059166900981058ba251e0b652511c68f # v2 + uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2 with: continue-after-seconds: 180 env: From 95a320a3e470aa50c2fe14bba347464d8c5b7740 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 13 Jan 2026 11:06:14 +0100 Subject: [PATCH 0892/1064] DockerActionManager: disable seccomp policy for borgbackup container Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 9e8a8ff2..67134576 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -376,6 +376,11 @@ readonly class DockerActionManager { // Special things for the backup container which should not be exposed in the containers.json if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) { + // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308 + if (!$this->configurationManager->isSeccompDisabled()) { + $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"]; + } + // Additional backup directories foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) { if ($additionalBackupVolumes !== '') { From c2f070b278a4772f3b75818a185817e4b946317c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 13 Jan 2026 11:44:05 +0100 Subject: [PATCH 0893/1064] aio-cadddy: mention how to remove the container again Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index a8baf9ea..a8d673b0 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -17,6 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack +- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy ### Repository https://github.com/szaimen/aio-caddy From 81f477211fdf95bdf5386a5a9b57c54623d8e776 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 13 Jan 2026 11:44:43 +0100 Subject: [PATCH 0894/1064] fix detail Signed-off-by: Simon L. --- community-containers/caddy/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index a8d673b0..803bbec2 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -17,7 +17,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack -- If you want to remove the container again and revert back to the default, you need to follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy +- If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy ### Repository https://github.com/szaimen/aio-caddy From 6fe3337a21ff0e6f63a45b22f55a648555ecd0ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jan 2026 04:09:32 +0000 Subject: [PATCH 0895/1064] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.9 to 8.19.10. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index 7975bcbb..ed0cafe9 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.9 +FROM elasticsearch:8.19.10 USER root From eadf0dc5cde07f21ebe75cc96aa7eba65e91d081 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jan 2026 04:10:53 +0000 Subject: [PATCH 0896/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.5.0 to v1.5.1. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.5.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index f6b8cc7d..37ba25e0 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.0 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1 USER root RUN set -ex; \ From 9a6e2cbe4975ba09c3a46caaeb14cc451fc59a3c Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 14 Jan 2026 11:54:57 +0000 Subject: [PATCH 0897/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-collabora-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-imaginary-deployment.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-notify-push-deployment.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 20 insertions(+), 20 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 16e7a82c..7d990549 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.3.0 +version: 12.4.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 6eddefe9..6cdf8db8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 26eda032..d7627802 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index c0984e1d..7e86c402 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -36,9 +36,9 @@ spec: - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729 {{- end }} readinessProbe: exec: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index b7b54647..055ecd0a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index 14f19447..df30e6a8 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index 9f0c54c5..d2fc1375 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index 3cbfa2fe..fe72d307 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 command: - chmod - "777" @@ -190,7 +190,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index a9822a80..5b05336e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -57,7 +57,7 @@ spec: value: "6379" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index c8160edd..0e3a7fda 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 8446167d..1ccebd79 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index c28e7335..8635a6ce 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index a0d36c08..2cfcaa53 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index e311f230..50dfc3c4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -50,7 +50,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20251218_095503 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729 readinessProbe: exec: command: From 045e5edf841324dd8eff918be27fa9e3fd332efb Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 14 Jan 2026 12:03:59 +0000 Subject: [PATCH 0898/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 95 ++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 47 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index ed6667ed..ce1ae80f 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -391,16 +391,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.7", + "version": "v2.0.8", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd" + "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/cb291e4c998ac50637c7eeb58189c14f5de5b9dd", - "reference": "cb291e4c998ac50637c7eeb58189c14f5de5b9dd", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/7581a4407012f5f53365e11bafc520fd7f36bc9b", + "reference": "7581a4407012f5f53365e11bafc520fd7f36bc9b", "shasum": "" }, "require": { @@ -448,7 +448,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2025-11-21T20:52:36+00:00" + "time": "2026-01-08T16:22:46+00:00" }, { "name": "nikic/fast-route", @@ -2755,22 +2755,22 @@ }, { "name": "danog/advanced-json-rpc", - "version": "v3.2.2", + "version": "v3.2.3", "source": { "type": "git", "url": "https://github.com/danog/php-advanced-json-rpc.git", - "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb" + "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/aadb1c4068a88c3d0530cfe324b067920661efcb", - "reference": "aadb1c4068a88c3d0530cfe324b067920661efcb", + "url": "https://api.github.com/repos/danog/php-advanced-json-rpc/zipball/ae703ea7b4811797a10590b6078de05b3b33dd91", + "reference": "ae703ea7b4811797a10590b6078de05b3b33dd91", "shasum": "" }, "require": { "netresearch/jsonmapper": "^5", "php": ">=8.1", - "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0" + "phpdocumentor/reflection-docblock": "^4.3.4 || ^5.0.0 || ^6" }, "replace": { "felixfbecker/php-advanced-json-rpc": "^3" @@ -2801,9 +2801,9 @@ "description": "A more advanced JSONRPC implementation", "support": { "issues": "https://github.com/danog/php-advanced-json-rpc/issues", - "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.2" + "source": "https://github.com/danog/php-advanced-json-rpc/tree/v3.2.3" }, - "time": "2025-02-14T10:55:15+00:00" + "time": "2026-01-12T21:07:10+00:00" }, { "name": "daverandom/libdns", @@ -3455,16 +3455,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "5.6.6", + "version": "6.0.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8" + "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/5cee1d3dfc2d2aa6599834520911d246f656bcb8", - "reference": "5cee1d3dfc2d2aa6599834520911d246f656bcb8", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9", + "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9", "shasum": "" }, "require": { @@ -3472,8 +3472,8 @@ "ext-filter": "*", "php": "^7.4 || ^8.0", "phpdocumentor/reflection-common": "^2.2", - "phpdocumentor/type-resolver": "^1.7", - "phpstan/phpdoc-parser": "^1.7|^2.0", + "phpdocumentor/type-resolver": "^2.0", + "phpstan/phpdoc-parser": "^2.0", "webmozart/assert": "^1.9.1 || ^2" }, "require-dev": { @@ -3483,7 +3483,8 @@ "phpstan/phpstan-mockery": "^1.1", "phpstan/phpstan-webmozart-assert": "^1.2", "phpunit/phpunit": "^9.5", - "psalm/phar": "^5.26" + "psalm/phar": "^5.26", + "shipmonk/dead-code-detector": "^0.5.1" }, "type": "library", "extra": { @@ -3513,44 +3514,44 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/5.6.6" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0" }, - "time": "2025-12-22T21:13:58+00:00" + "time": "2026-01-07T20:22:53+00:00" }, { "name": "phpdocumentor/type-resolver", - "version": "1.12.0", + "version": "2.0.0", "source": { "type": "git", "url": "https://github.com/phpDocumentor/TypeResolver.git", - "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195" + "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/92a98ada2b93d9b201a613cb5a33584dde25f195", - "reference": "92a98ada2b93d9b201a613cb5a33584dde25f195", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/327a05bbee54120d4786a0dc67aad30226ad4cf9", + "reference": "327a05bbee54120d4786a0dc67aad30226ad4cf9", "shasum": "" }, "require": { "doctrine/deprecations": "^1.0", - "php": "^7.3 || ^8.0", + "php": "^7.4 || ^8.0", "phpdocumentor/reflection-common": "^2.0", - "phpstan/phpdoc-parser": "^1.18|^2.0" + "phpstan/phpdoc-parser": "^2.0" }, "require-dev": { "ext-tokenizer": "*", "phpbench/phpbench": "^1.2", - "phpstan/extension-installer": "^1.1", - "phpstan/phpstan": "^1.8", - "phpstan/phpstan-phpunit": "^1.1", + "phpstan/extension-installer": "^1.4", + "phpstan/phpstan": "^2.1", + "phpstan/phpstan-phpunit": "^2.0", "phpunit/phpunit": "^9.5", - "rector/rector": "^0.13.9", - "vimeo/psalm": "^4.25" + "psalm/phar": "^4" }, "type": "library", "extra": { "branch-alias": { - "dev-1.x": "1.x-dev" + "dev-1.x": "1.x-dev", + "dev-2.x": "2.x-dev" } }, "autoload": { @@ -3571,22 +3572,22 @@ "description": "A PSR-5 based resolver of Class names, Types and Structural Element Names", "support": { "issues": "https://github.com/phpDocumentor/TypeResolver/issues", - "source": "https://github.com/phpDocumentor/TypeResolver/tree/1.12.0" + "source": "https://github.com/phpDocumentor/TypeResolver/tree/2.0.0" }, - "time": "2025-11-21T15:09:14+00:00" + "time": "2026-01-06T21:53:42+00:00" }, { "name": "phpstan/phpdoc-parser", - "version": "2.3.0", + "version": "2.3.1", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495" + "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/1e0cd5370df5dd2e556a36b9c62f62e555870495", - "reference": "1e0cd5370df5dd2e556a36b9c62f62e555870495", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/16dbf9937da8d4528ceb2145c9c7c0bd29e26374", + "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374", "shasum": "" }, "require": { @@ -3618,9 +3619,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.0" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.1" }, - "time": "2025-08-30T15:50:23+00:00" + "time": "2026-01-12T11:33:04+00:00" }, { "name": "revolt/event-loop", @@ -4735,16 +4736,16 @@ }, { "name": "webmozart/assert", - "version": "2.0.0", + "version": "2.1.2", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54" + "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b34b004e35a164bc5bb6ebd33c844b2d8069a54", - "reference": "1b34b004e35a164bc5bb6ebd33c844b2d8069a54", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/ce6a2f100c404b2d32a1dd1270f9b59ad4f57649", + "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649", "shasum": "" }, "require": { @@ -4791,9 +4792,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/2.0.0" + "source": "https://github.com/webmozarts/assert/tree/2.1.2" }, - "time": "2025-12-16T21:36:00+00:00" + "time": "2026-01-13T14:02:24+00:00" } ], "aliases": [], From 069195bf237fab2fe9f831bb6d815d011bea14fa Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 15 Jan 2026 12:47:51 +0100 Subject: [PATCH 0899/1064] nextcloud: update to 32.0.4 Signed-off-by: Simon L. --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 6b6be7f8..9c468bbb 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.3 +ENV NEXTCLOUD_VERSION=32.0.4 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From b5b642232891dccc59ef4e7c8bc5bc8c5b7bb626 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 15 Jan 2026 13:41:20 +0100 Subject: [PATCH 0900/1064] Revert "DockerActionManager: disable seccomp policy for borgbackup container" Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 67134576..9e8a8ff2 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -376,11 +376,6 @@ readonly class DockerActionManager { // Special things for the backup container which should not be exposed in the containers.json if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) { - // Disable seccomp policy if seccomp is enabled in the kernel to fix issues like https://github.com/nextcloud/all-in-one/issues/7308 - if (!$this->configurationManager->isSeccompDisabled()) { - $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable", "seccomp:unconfined"]; - } - // Additional backup directories foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) { if ($additionalBackupVolumes !== '') { From 9e362e1dc9ece2fc4bbfd5f10b656d99cae4e6ce Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 15 Jan 2026 13:48:06 +0100 Subject: [PATCH 0901/1064] increase to 12.5.0 Signed-off-by: Simon L. --- php/templates/containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/containers.twig b/php/templates/containers.twig index c318e8a6..9c55350e 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,7 @@
      -

      Nextcloud AIO v12.4.0

      +

      Nextcloud AIO v12.5.0

      {# Add 2nd tab warning #} From 59ad7dc98be6eecbe7866add09ac771cd8ccf0ee Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 16 Jan 2026 15:12:44 +0100 Subject: [PATCH 0902/1064] move version to a dedicated file Signed-off-by: Simon L. --- nextcloud-aio-helm-chart/update-helm.sh | 2 +- php/templates/containers.twig | 3 ++- php/templates/includes/aio-version.twig | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 php/templates/includes/aio-version.twig diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh index f39d3035..9e5aba86 100755 --- a/nextcloud-aio-helm-chart/update-helm.sh +++ b/nextcloud-aio-helm-chart/update-helm.sh @@ -407,7 +407,7 @@ rm latest.yml mv latest.yml.backup latest.yml # Get version of AIO -AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')" +AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/includes/aio-version.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')" sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml # Conversion of sample.conf diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 9c55350e..d0ed38b1 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -17,7 +17,8 @@
      -

      Nextcloud AIO v12.5.0

      + {% set aio_version = include('includes/aio-version.twig') %} +

      Nextcloud AIO v{{ aio_version }}

      {# Add 2nd tab warning #} diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig new file mode 100644 index 00000000..b7d7205d --- /dev/null +++ b/php/templates/includes/aio-version.twig @@ -0,0 +1 @@ +12.5.0 From 792ba0dfb352fe6a0018dd7ee470c777da5658df Mon Sep 17 00:00:00 2001 From: Zoey Date: Fri, 16 Jan 2026 22:54:58 +0100 Subject: [PATCH 0903/1064] update NPMplus images in reverse proxy guide Signed-off-by: Zoey --- reverse-proxy.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/reverse-proxy.md b/reverse-proxy.md index 50a6bccd..bdeb3244 100644 --- a/reverse-proxy.md +++ b/reverse-proxy.md @@ -564,19 +564,14 @@ Note: this will cause that a non root user can bind privileged ports. Second, see these screenshots for a working config: -![grafik](https://github.com/user-attachments/assets/c32c8fe8-7417-4f8f-9625-24b95651e630) +image -![grafik](https://github.com/user-attachments/assets/f14bba5c-69ce-4514-a2ac-5e5d7fb97792) +image - +image -![grafik](https://github.com/user-attachments/assets/75d7f539-35d1-4a3e-8c51-43123f698893) +image -![grafik](https://github.com/user-attachments/assets/e494edb5-8b70-4d45-bc9b-374219230041) - -`proxy_set_header Accept-Encoding $http_accept_encoding;` - -⚠️ **Please note:** Nextcloud will complain that X-XXS-Protection is set to the wrong value, this is intended by NPMplus.
      ⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration. From d5c3e79b31f34a66687db78bc9f1065bf24b31e4 Mon Sep 17 00:00:00 2001 From: ph818 <71797925+ph818@users.noreply.github.com> Date: Sat, 17 Jan 2026 17:17:28 -0500 Subject: [PATCH 0904/1064] Update local-instance.md Clarifying DNS-challenge description. Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com> --- local-instance.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/local-instance.md b/local-instance.md index 1da26280..8abbddb6 100644 --- a/local-instance.md +++ b/local-instance.md @@ -22,10 +22,11 @@ The normal way is the following: **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example. ## 3. Use the ACME DNS-challenge -You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge +You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge ## 4. Use Cloudflare If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up. ## 5. Buy a certificate and use that If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config. + From a3e43c5cd913d45b34d137bbecfb806d559cb6e7 Mon Sep 17 00:00:00 2001 From: ph818 <71797925+ph818@users.noreply.github.com> Date: Sat, 17 Jan 2026 17:22:42 -0500 Subject: [PATCH 0905/1064] Update readme.md Clarifying the Instructions for DNS-challenge so following the links will make more sense (configuring the caddyfile of the external caddy reverse proxy). Signed-off-by: ph818 <71797925+ph818@users.noreply.github.com> --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index bcbf7d57..66059954 100644 --- a/readme.md +++ b/readme.md @@ -340,7 +340,7 @@ Although it does not seems like it is the case but from AIO perspective a Cloudf For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817 ### How to get Nextcloud running using the ACME DNS-challenge? -You can install AIO in reverse proxy mode where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. +You can install AIO behind an external reverse proxy where is also documented how to get it running using the ACME DNS-challenge for getting a valid certificate for AIO. See the [reverse proxy documentation](./reverse-proxy.md). (Meant is the `Caddy with ACME DNS-challenge` section). Also see https://github.com/dani-garcia/vaultwarden/wiki/Running-a-private-vaultwarden-instance-with-Let%27s-Encrypt-certs#getting-a-custom-caddy-build for additional docs on this topic. ### How to run Nextcloud locally? No domain wanted, or wanting intranet access within your LAN. If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly. From 4a65c04e3d7410109ca35121c6aedd0d8e4f0986 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jan 2026 04:28:14 +0000 Subject: [PATCH 0906/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.1.4-cli to 29.1.5-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.1.5-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index d2019e49..a719c71a 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.1.4-cli AS docker +FROM docker:29.1.5-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 9822a63c44dc965a202b539fcacb2ad9339243c3 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 19 Jan 2026 10:07:52 +0100 Subject: [PATCH 0907/1064] nextcloud-entrypoint: make recording server dependent on `REMOVE_DISABLED_APPS` Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 43432e6d..5f47a0f4 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -894,7 +894,9 @@ if [ -d "/var/www/html/custom_apps/spreed" ]; then RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}" php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING" else - php /var/www/html/occ config:app:delete spreed recording_servers + if [ "$REMOVE_DISABLED_APPS" = yes ]; then + php /var/www/html/occ config:app:delete spreed recording_servers + fi fi fi From 0e22f38d16b4a1a0eb375ce1945f796d5b40da4d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 19 Jan 2026 10:25:14 +0100 Subject: [PATCH 0908/1064] add `wud.watch=false` to all containers Signed-off-by: Simon L. --- Containers/apache/Dockerfile | 1 + Containers/borgbackup/Dockerfile | 1 + Containers/clamav/Dockerfile | 1 + Containers/collabora-online/Dockerfile | 1 + Containers/collabora/Dockerfile | 1 + Containers/docker-socket-proxy/Dockerfile | 1 + Containers/domaincheck/Dockerfile | 1 + Containers/fulltextsearch/Dockerfile | 1 + Containers/imaginary/Dockerfile | 3 ++- Containers/nextcloud/Dockerfile | 1 + Containers/notify-push/Dockerfile | 1 + Containers/onlyoffice/Dockerfile | 1 + Containers/postgresql/Dockerfile | 1 + Containers/redis/Dockerfile | 1 + Containers/talk-recording/Dockerfile | 1 + Containers/talk/Dockerfile | 1 + Containers/watchtower/Dockerfile | 1 + Containers/whiteboard/Dockerfile | 1 + php/src/Docker/DockerActionManager.php | 2 +- 19 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index 0948fb25..9ccadfb8 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -88,4 +88,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 637d035c..97d6198b 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -24,5 +24,6 @@ ENTRYPOINT ["/start.sh"] USER root LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6" diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index 196b109a..e81fb06e 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -33,5 +33,6 @@ VOLUME /var/lib/clamav ENTRYPOINT ["/start.sh"] CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile index 72f79928..ec8b63f0 100644 --- a/Containers/collabora-online/Dockerfile +++ b/Containers/collabora-online/Dockerfile @@ -12,4 +12,5 @@ USER 1001 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 50b6cfef..976360cb 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -11,4 +11,5 @@ USER 1001 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 796c855a..62590f6f 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -19,4 +19,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index 769c24ac..8122f315 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -18,4 +18,5 @@ ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1 LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index ed0cafe9..ff1e923f 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -22,5 +22,6 @@ USER 1000:0 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" ENV ES_JAVA_OPTS="-Xms512M -Xmx512M" diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 11250a43..04f190b5 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.5-alpine3.23 AS go -ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee +ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee RUN set -ex; \ apk upgrade --no-cache -a; \ @@ -43,4 +43,5 @@ ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 9c468bbb..afb3def5 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -264,4 +264,5 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 029c93f2..425115c4 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -23,4 +23,5 @@ ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/onlyoffice/Dockerfile b/Containers/onlyoffice/Dockerfile index d028ccbc..13b4d456 100644 --- a/Containers/onlyoffice/Dockerfile +++ b/Containers/onlyoffice/Dockerfile @@ -8,4 +8,5 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/postgresql/Dockerfile b/Containers/postgresql/Dockerfile index 725b8042..56090f26 100644 --- a/Containers/postgresql/Dockerfile +++ b/Containers/postgresql/Dockerfile @@ -44,4 +44,5 @@ ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 7cc1ff84..cc9181ad 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -21,4 +21,5 @@ ENTRYPOINT ["/start.sh"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/talk-recording/Dockerfile b/Containers/talk-recording/Dockerfile index 65af7db4..8df5b89e 100644 --- a/Containers/talk-recording/Dockerfile +++ b/Containers/talk-recording/Dockerfile @@ -58,4 +58,5 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index fc5f0379..fb78f943 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -107,4 +107,5 @@ CMD ["supervisord", "-c", "/supervisord.conf"] HEALTHCHECK CMD /healthcheck.sh LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index cd5238ac..6b948c9b 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -24,4 +24,5 @@ USER root ENTRYPOINT ["/start.sh"] LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 37ba25e0..0a45981d 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -23,4 +23,5 @@ WORKDIR /tmp ENTRYPOINT ["/start.sh"] LABEL com.centurylinklabs.watchtower.enable="false" \ + wud.watch="false" \ org.label-schema.vendor="Nextcloud" diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 9e8a8ff2..99264d54 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -434,7 +434,7 @@ readonly class DockerActionManager { // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature. // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels // Additionally set a default org.label-schema.vendor and com.docker.compose.project - $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"]; + $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"]; // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589 $requestBody['Hostname'] = $container->GetIdentifier(); From c5b146f84c1b517d956cc5e1796f953b8381e385 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jan 2026 04:08:44 +0000 Subject: [PATCH 0909/1064] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.6-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 11250a43..a0c583e0 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.5-alpine3.23 AS go +FROM golang:1.25.6-alpine3.23 AS go ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee From dbabfe14f0b35d0d6df9e16dd09d626888ae602d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jan 2026 04:09:56 +0000 Subject: [PATCH 0910/1064] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.25.5-alpine3.23 to 1.25.6-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.6-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index cd5238ac..2ee06f51 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.25.5-alpine3.23 AS go +FROM golang:1.25.6-alpine3.23 AS go ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b From f58465f93022b1960428c88d4c5a65c4636aec7d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 19 Jan 2026 15:21:28 +0100 Subject: [PATCH 0911/1064] DockeractionManager: rewrite `PullImage` function to re-try 3 times before failing Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 9e8a8ff2..34ca4f56 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -503,14 +503,24 @@ readonly class DockerActionManager { } catch (\Throwable $e) { $imageIsThere = false; } - try { - $this->guzzleClient->post($url); - } catch (RequestException $e) { - $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents(); - if ($imageIsThere === false) { - throw new \Exception($message); - } else { - error_log($message); + + $maxRetries = 3; + for ($attempt = 1; $attempt <= $maxRetries; $attempt++) { + try { + $this->guzzleClient->post($url); + break; + } catch (RequestException $e) { + $message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents(); + if ($attempt === $maxRetries) { + if ($imageIsThere === false) { + throw new \Exception($message); + } else { + error_log($message); + } + } else { + error_log($message . ' Retrying...'); + sleep(1); + } } } } From b7d63253db7e5d74a83bd0d5f4bd7c51793c8da1 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 20 Jan 2026 11:50:04 +0100 Subject: [PATCH 0912/1064] postgres.config.php: fix `PDO::MYSQL_ATTR_SSL_CA` Signed-off-by: Simon L. --- Containers/nextcloud/config/postgres.config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php index 71a657a7..0dc835cc 100644 --- a/Containers/nextcloud/config/postgres.config.php +++ b/Containers/nextcloud/config/postgres.config.php @@ -10,7 +10,7 @@ if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) { if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL')) { $CONFIG = array( 'dbdriveroptions' => array( - 'PDO::MYSQL_ATTR_SSL_CA' => '/var/www/html/data/certificates/ca-bundle.crt', + PDO::MYSQL_ATTR_SSL_CA => '/var/www/html/data/certificates/ca-bundle.crt', ), ); } From 88a45d1a8087b8097c257905b91ea77db30f4a6c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 20 Jan 2026 13:20:09 +0100 Subject: [PATCH 0913/1064] add cooldown to dependabot Signed-off-by: Simon L. --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f79c4ce2..7fe1067e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,6 +10,8 @@ updates: labels: - 3. to review - dependencies + cooldown: + default-days: 7 - package-ecosystem: composer directory: "/php/" schedule: From fcdd000731f025f11f6bcfe26c6e47c46bc64e63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jan 2026 04:10:21 +0000 Subject: [PATCH 0914/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.5.1 to v1.5.3. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.5.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 37ba25e0..31500313 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.1 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3 USER root RUN set -ex; \ From 3b3eea7ef02e7bf5f11dc632cfc3b654d101859f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 21 Jan 2026 10:54:39 +0100 Subject: [PATCH 0915/1064] don't ask for a cute anmial picture Signed-off-by: Simon L. --- .github/ISSUE_TEMPLATE/Bug_report.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/Bug_report.md b/.github/ISSUE_TEMPLATE/Bug_report.md index 5d6cc059..aca2e718 100644 --- a/.github/ISSUE_TEMPLATE/Bug_report.md +++ b/.github/ISSUE_TEMPLATE/Bug_report.md @@ -37,5 +37,3 @@ labels: 0. Needs triage #### Output of `sudo docker ps -a` #### Other valuable info - -#### A picture of a cute animal From 2c968917ebcac51b6c0a6cc033fde63e8fb72cc7 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 21 Jan 2026 12:03:53 +0000 Subject: [PATCH 0916/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 48 +++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index ce1ae80f..75e53dfe 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3111,20 +3111,20 @@ }, { "name": "league/uri", - "version": "7.7.0", + "version": "7.8.0", "source": { "type": "git", "url": "https://github.com/thephpleague/uri.git", - "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807" + "reference": "4436c6ec8d458e4244448b069cc572d088230b76" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/uri/zipball/8d587cddee53490f9b82bf203d3a9aa7ea4f9807", - "reference": "8d587cddee53490f9b82bf203d3a9aa7ea4f9807", + "url": "https://api.github.com/repos/thephpleague/uri/zipball/4436c6ec8d458e4244448b069cc572d088230b76", + "reference": "4436c6ec8d458e4244448b069cc572d088230b76", "shasum": "" }, "require": { - "league/uri-interfaces": "^7.7", + "league/uri-interfaces": "^7.8", "php": "^8.1", "psr/http-factory": "^1" }, @@ -3138,11 +3138,11 @@ "ext-gmp": "to improve IPV4 host parsing", "ext-intl": "to handle IDN host with the best performance", "ext-uri": "to use the PHP native URI class", - "jeremykendall/php-domain-parser": "to resolve Public Suffix and Top Level Domain", - "league/uri-components": "Needed to easily manipulate URI objects components", - "league/uri-polyfill": "Needed to backport the PHP URI extension for older versions of PHP", + "jeremykendall/php-domain-parser": "to further parse the URI host and resolve its Public Suffix and Top Level Domain", + "league/uri-components": "to provide additional tools to manipulate URI objects components", + "league/uri-polyfill": "to backport the PHP URI extension for older versions of PHP", "php-64bit": "to improve IPV4 host parsing", - "rowbot/url": "to handle WHATWG URL", + "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification", "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" }, "type": "library", @@ -3197,7 +3197,7 @@ "docs": "https://uri.thephpleague.com", "forum": "https://thephpleague.slack.com", "issues": "https://github.com/thephpleague/uri-src/issues", - "source": "https://github.com/thephpleague/uri/tree/7.7.0" + "source": "https://github.com/thephpleague/uri/tree/7.8.0" }, "funding": [ { @@ -3205,20 +3205,20 @@ "type": "github" } ], - "time": "2025-12-07T16:02:06+00:00" + "time": "2026-01-14T17:24:56+00:00" }, { "name": "league/uri-interfaces", - "version": "7.7.0", + "version": "7.8.0", "source": { "type": "git", "url": "https://github.com/thephpleague/uri-interfaces.git", - "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c" + "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/62ccc1a0435e1c54e10ee6022df28d6c04c2946c", - "reference": "62ccc1a0435e1c54e10ee6022df28d6c04c2946c", + "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/c5c5cd056110fc8afaba29fa6b72a43ced42acd4", + "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4", "shasum": "" }, "require": { @@ -3231,7 +3231,7 @@ "ext-gmp": "to improve IPV4 host parsing", "ext-intl": "to handle IDN host with the best performance", "php-64bit": "to improve IPV4 host parsing", - "rowbot/url": "to handle WHATWG URL", + "rowbot/url": "to handle URLs using the WHATWG URL Living Standard specification", "symfony/polyfill-intl-idn": "to handle IDN host via the Symfony polyfill if ext-intl is not present" }, "type": "library", @@ -3281,7 +3281,7 @@ "docs": "https://uri.thephpleague.com", "forum": "https://thephpleague.slack.com", "issues": "https://github.com/thephpleague/uri-src/issues", - "source": "https://github.com/thephpleague/uri-interfaces/tree/7.7.0" + "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.0" }, "funding": [ { @@ -3289,7 +3289,7 @@ "type": "github" } ], - "time": "2025-12-07T16:03:21+00:00" + "time": "2026-01-15T06:54:53+00:00" }, { "name": "netresearch/jsonmapper", @@ -3455,16 +3455,16 @@ }, { "name": "phpdocumentor/reflection-docblock", - "version": "6.0.0", + "version": "6.0.1", "source": { "type": "git", "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", - "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9" + "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/02600c041e7d0f4b7d1fe1d260565ec525472fa9", - "reference": "02600c041e7d0f4b7d1fe1d260565ec525472fa9", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2f5cbed597cb261d1ea458f3da3a9ad32e670b1e", + "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e", "shasum": "" }, "require": { @@ -3514,9 +3514,9 @@ "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", "support": { "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues", - "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.0" + "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.1" }, - "time": "2026-01-07T20:22:53+00:00" + "time": "2026-01-20T15:30:42+00:00" }, { "name": "phpdocumentor/type-resolver", From b12c36f675274fd159ead5b19f7c74adf83302d7 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 21 Jan 2026 12:12:48 +0000 Subject: [PATCH 0917/1064] watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index cd5238ac..0aeb6fd7 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,13 +1,13 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.5-alpine3.23 AS go -ENV WATCHTOWER_COMMIT_HASH=f6a7b29c312bec5f389a4fb52259919f0678800b +ENV WATCHTOWER_COMMIT_HASH=f522ce27e1fbe4618da54833025a95be62aa838a RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.13.1 + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0 FROM alpine:3.23.2 From 708e542270df92a7baf4e01fc314bb45054f8183 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 21 Jan 2026 12:16:29 +0000 Subject: [PATCH 0918/1064] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 9c468bbb..6968ac31 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.4 +ENV NEXTCLOUD_VERSION=32.0.5 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From f59b2776c796ea4216ec8c6d5063ba5fb877e0dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Jan 2026 04:08:30 +0000 Subject: [PATCH 0919/1064] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.4.16-fpm-alpine3.23 to 8.4.17-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.4.17-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index d2019e49..ed930781 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -6,7 +6,7 @@ FROM docker:29.1.4-cli AS docker FROM caddy:2.10.2-alpine AS caddy # From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile -FROM php:8.4.16-fpm-alpine3.23 +FROM php:8.4.17-fpm-alpine3.23 EXPOSE 80 EXPOSE 8080 From 8eed705a906351ed15e8f379650e1c6d22021d44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Jan 2026 04:08:35 +0000 Subject: [PATCH 0920/1064] build(deps): bump php in /Containers/nextcloud Bumps php from 8.3.29-fpm-alpine3.23 to 8.3.30-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.3.30-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 9c468bbb..f3181a05 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM php:8.3.29-fpm-alpine3.23 +FROM php:8.3.30-fpm-alpine3.23 ENV PHP_MEMORY_LIMIT=512M ENV PHP_UPLOAD_LIMIT=16G From a7c091a5b26835db3ca579e9266fa02cc37172d0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 22 Jan 2026 12:21:26 +0100 Subject: [PATCH 0921/1064] mastercontainer: also add `wud.watch` label Signed-off-by: Simon L. --- Containers/mastercontainer/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index e92d0a86..2fea59d1 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -127,6 +127,7 @@ RUN set -ex; \ # hadolint ignore=DL3048 LABEL org.label-schema.vendor="Nextcloud" \ + wud.watch="false" \ com.docker.compose.project="nextcloud-aio" # hadolint ignore=DL3002 From 8fb3126ce7e11bdc9d6d2f7c609478ce72c89848 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 21 Jan 2026 14:30:23 +0100 Subject: [PATCH 0922/1064] `CreateContainer`: also insert the max shutdown time into the container itself Signed-off-by: Simon L. --- php/src/Docker/DockerActionManager.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 1743c4a5..fb3701a4 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -356,6 +356,11 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Init'] = $container->init; + $maxShutDownTime = $container->maxShutdownTime; + if ($maxShutDownTime > 0) { + $requestBody['StopTimeout'] = $maxShutDownTime; + } + $capAdds = $container->capAdd; if (count($capAdds) > 0) { $requestBody['HostConfig']['CapAdd'] = $capAdds; From 00688a52bd9e85768398eb01c8389f940233268d Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 22 Jan 2026 13:12:02 +0000 Subject: [PATCH 0923/1064] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-apache-service.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-clamav-service.yaml | 2 +- .../templates/nextcloud-aio-collabora-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-collabora-service.yaml | 2 +- .../templates/nextcloud-aio-database-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-database-service.yaml | 2 +- .../nextcloud-aio-fulltextsearch-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-fulltextsearch-service.yaml | 2 +- .../templates/nextcloud-aio-imaginary-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-imaginary-service.yaml | 2 +- .../templates/nextcloud-aio-nextcloud-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-nextcloud-service.yaml | 2 +- .../templates/nextcloud-aio-notify-push-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-notify-push-service.yaml | 2 +- .../templates/nextcloud-aio-onlyoffice-deployment.yaml | 8 ++++---- .../templates/nextcloud-aio-onlyoffice-service.yaml | 2 +- .../templates/nextcloud-aio-redis-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-redis-service.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 6 +++--- .../nextcloud-aio-talk-recording-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-talk-recording-service.yaml | 2 +- .../templates/nextcloud-aio-talk-service.yaml | 4 ++-- .../templates/nextcloud-aio-whiteboard-deployment.yaml | 6 +++--- .../templates/nextcloud-aio-whiteboard-service.yaml | 2 +- 27 files changed, 60 insertions(+), 60 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index 7d990549..6288a381 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.4.0 +version: 12.5.0 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 6cdf8db8..e540791c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-apache spec: @@ -61,7 +61,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-apache:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml index 404ee626..98e33a4d 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-apache name: nextcloud-aio-apache diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index d7627802..57ec7739 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-clamav spec: @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-clamav:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml index 8dc8597d..8b236093 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-clamav name: nextcloud-aio-clamav diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 7e86c402..cd4e1368 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-collabora spec: @@ -36,9 +36,9 @@ spec: - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20260122_105751 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-collabora:20260122_105751 {{- end }} readinessProbe: exec: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml index ebe7bf3f..5c81ef3e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-collabora name: nextcloud-aio-collabora diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index 055ecd0a..be6a9c90 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-database spec: @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-postgresql:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml index 9451d908..45fdce3a 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-database name: nextcloud-aio-database diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index df30e6a8..bed60a0c 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-fulltextsearch spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml index ae759475..efe474b3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-fulltextsearch name: nextcloud-aio-fulltextsearch diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index d2fc1375..af15d4b3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-imaginary spec: @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-imaginary:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml index a5fb3266..44a57006 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-imaginary name: nextcloud-aio-imaginary diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index fe72d307..8b6e8211 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-nextcloud spec: @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751 command: - chmod - "777" @@ -190,7 +190,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20260122_105751 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml index 18cf84d8..08ab70f2 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-nextcloud name: nextcloud-aio-nextcloud diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index 5b05336e..c8e30d05 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-notify-push spec: @@ -57,7 +57,7 @@ spec: value: "6379" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-notify-push:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml index 2b7bfccd..986d98d4 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-notify-push name: nextcloud-aio-notify-push diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index 0e3a7fda..2bb79f19 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice @@ -18,13 +18,13 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-onlyoffice spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-alpine:20260122_105751 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml index 6ff9afa1..5fc10b85 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-onlyoffice name: nextcloud-aio-onlyoffice diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 1ccebd79..28335e64 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis @@ -17,7 +17,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-redis spec: @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-redis:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml index af82a0bb..a6a9a0a5 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-redis name: nextcloud-aio-redis diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index 8635a6ce..679dd66e 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk spec: @@ -52,7 +52,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-talk:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 2cfcaa53..8e631656 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording @@ -18,7 +18,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk-recording spec: @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml index 4410ed72..87fe0355 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk-recording name: nextcloud-aio-talk-recording diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml index 10d17177..65388792 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk-public @@ -27,7 +27,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-talk name: nextcloud-aio-talk diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 50dfc3c4..5788cfa0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard @@ -16,7 +16,7 @@ spec: template: metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-whiteboard spec: @@ -50,7 +50,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20260114_114729 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20260122_105751 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml index 8c8cb5aa..299f1ec3 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: annotations: - kompose.version: 1.37.0 (fb0539e64) + kompose.version: 1.38.0 (a8f5d1cbd) labels: io.kompose.service: nextcloud-aio-whiteboard name: nextcloud-aio-whiteboard From c47ace7718a790c01e631ec3b4398293a298fa11 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 22 Jan 2026 13:33:38 +0000 Subject: [PATCH 0924/1064] imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 0a0c14ce..650c4c67 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:latest FROM golang:1.25.6-alpine3.23 AS go -ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee +ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee RUN set -ex; \ apk upgrade --no-cache -a; \ From 664ca0b26d0e69e1ebda9ea2010113b1f63b4d90 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 22 Jan 2026 21:08:08 +0100 Subject: [PATCH 0925/1064] Add Code of conduct See: https://github.com/nextcloud/server/blob/master/CODE_OF_CONDUCT.md Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- CODE_OF_CONDUCT.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..fec85a59 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,13 @@ + +In the Nextcloud community, participants from all over the world come together to create Free Software for a free internet. This is made possible by the support, hard work and enthusiasm of thousands of people, including those who create and use Nextcloud software. + +Our code of conduct offers some guidance to ensure Nextcloud participants can cooperate effectively in a positive and inspiring atmosphere, and to explain how together we can strengthen and support each other. + +The Code of Conduct is shared by all contributors and users who engage with the Nextcloud team and its community services. It presents a summary of the shared values and “common sense” thinking in our community. + +You can find our full code of conduct on our website: https://nextcloud.com/code-of-conduct/ + +Please, keep our CoC in mind when you contribute! That way, everyone can be a part of our community in a productive, positive, creative and fun way. From 89be3d9e234af8db8c07847539b6ae8354e16b29 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 22 Jan 2026 21:12:39 +0100 Subject: [PATCH 0926/1064] Add files via upload Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- .github/pull_request_template.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..7958ceab --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,25 @@ + + +* Resolves: # + +## Summary + + +## TODO + +- [ ] ... + +## Checklist + +- Code is [properly formatted](https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/continuous_integration.html#linting) +- [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits +- [ ] Tests ([unit](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#unit-tests), [integration](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#integration-tests), api and/or acceptance) are included +- [ ] Screenshots before/after for front-end changes +- [ ] Documentation ([manuals](https://github.com/nextcloud/documentation/) or wiki) has been updated or is not required +- [ ] [Backports requested](https://github.com/nextcloud/backportbot/#usage) where applicable (ex: critical bugfixes) +- [ ] [Labels added](https://github.com/nextcloud/server/labels) where applicable (ex: bug/enhancement, `3. to review`, feature component) +- [ ] [Milestone added](https://github.com/nextcloud/server/milestones) for target branch/version (ex: 32.x for `stable32`) From db07c79db1cc692903a637cb0cadd5d9b79755ca Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 22 Jan 2026 21:20:36 +0100 Subject: [PATCH 0927/1064] novodb: add (deprecated) to its display name Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/nocodb/nocodb.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/nocodb/nocodb.json b/community-containers/nocodb/nocodb.json index 7ef4cc5c..e93d173c 100644 --- a/community-containers/nocodb/nocodb.json +++ b/community-containers/nocodb/nocodb.json @@ -2,7 +2,7 @@ "aio_services_v1": [ { "container_name": "nextcloud-aio-nocodb", - "display_name": "NocoDB", + "display_name": "NocoDB (deprecated)", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb", "image": "nocodb/nocodb", "image_tag": "latest", From e1718faf0b4364283a4925a8b7163511f272ffae Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 22 Jan 2026 21:24:35 +0100 Subject: [PATCH 0928/1064] Update README with licensing and maintenance notes Added caution and note about NocoDB licensing and maintenance status. Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/nocodb/readme.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/community-containers/nocodb/readme.md b/community-containers/nocodb/readme.md index 4c1281b5..fa23f8f6 100644 --- a/community-containers/nocodb/readme.md +++ b/community-containers/nocodb/readme.md @@ -1,3 +1,8 @@ +> [!CAUTION] +> NocoDB is licensed under a non-free license. +> +> And is no longer maintained. + > [!NOTE] > This container is there to compensate for the lack of functionality in Nextcloud Tables. > From 0e868c4570826497fd32b24d3d4bbd7d03d6557d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Jan 2026 12:08:36 +0000 Subject: [PATCH 0929/1064] build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/lint-yaml.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright-on-push.yml | 2 +- .github/workflows/playwright-on-workflow-dispatch.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 2bd4823a..2fff5ddb 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Check spelling uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 with: diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index 8e464925..abf5d520 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -10,7 +10,7 @@ jobs: name: update collabora runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index 7446677f..cfe35ee0 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 1b448139..3a40363b 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index 917df1d6..b9ce68ef 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index a4f441c2..f621f229 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Turnstyle uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 060b376e..7440a09f 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index 4cbd28ed..4213296b 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 7beec865..1ea877a6 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 0c5e2c74..12cba439 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 3bb1d33f..010077ca 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index 7fe5bbf9..b96ac2b9 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index c8638683..ee35830c 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml index af8dec02..28ba7d9c 100644 --- a/.github/workflows/playwright-on-push.yml +++ b/.github/workflows/playwright-on-push.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml index 252a6510..483811f2 100644 --- a/.github/workflows/playwright-on-workflow-dispatch.yml +++ b/.github/workflows/playwright-on-workflow-dispatch.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 1bd47ac4..14715108 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index bdae585e..cbc77bf5 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -32,7 +32,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 86954033..0ef69085 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index f28ad9f2..c1b96d24 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 7e9b5cdc..3b04704d 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index f7960ead..95329d3c 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index ee8e4669..2f441735 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index ba92fd50..41b0adf2 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.1 + uses: actions/checkout@v6.0.2 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index be929285..b26cd1a4 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -10,7 +10,7 @@ jobs: name: update watchtower runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.1 + - uses: actions/checkout@v6.0.2 - name: Run watchtower-container-update run: | # Watchtower From d2940b0dc8d3c92d9647c4faf101b4e19e37b6d1 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sat, 24 Jan 2026 12:03:23 +0000 Subject: [PATCH 0930/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 75e53dfe..30c13df6 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -1644,16 +1644,16 @@ }, { "name": "twig/twig", - "version": "v3.22.2", + "version": "v3.23.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2" + "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/946ddeafa3c9f4ce279d1f34051af041db0e16f2", - "reference": "946ddeafa3c9f4ce279d1f34051af041db0e16f2", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9", + "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9", "shasum": "" }, "require": { @@ -1707,7 +1707,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.22.2" + "source": "https://github.com/twigphp/Twig/tree/v3.23.0" }, "funding": [ { @@ -1719,7 +1719,7 @@ "type": "tidelift" } ], - "time": "2025-12-14T11:28:47+00:00" + "time": "2026-01-23T21:00:41+00:00" } ], "packages-dev": [ From 7e2e0d11daf517a303da09ac4906d032697220d5 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Sun, 25 Jan 2026 12:03:33 +0000 Subject: [PATCH 0931/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 30c13df6..42bc1415 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3890,16 +3890,16 @@ }, { "name": "symfony/console", - "version": "v6.4.31", + "version": "v6.4.32", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997" + "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/f9f8a889f54c264f9abac3fc0f7a371ffca51997", - "reference": "f9f8a889f54c264f9abac3fc0f7a371ffca51997", + "url": "https://api.github.com/repos/symfony/console/zipball/0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3", + "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3", "shasum": "" }, "require": { @@ -3964,7 +3964,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.31" + "source": "https://github.com/symfony/console/tree/v6.4.32" }, "funding": [ { @@ -3984,7 +3984,7 @@ "type": "tidelift" } ], - "time": "2025-12-22T08:30:34+00:00" + "time": "2026-01-13T08:45:59+00:00" }, { "name": "symfony/filesystem", @@ -4058,16 +4058,16 @@ }, { "name": "symfony/finder", - "version": "v6.4.31", + "version": "v6.4.32", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b" + "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/5547f2e1f0ca8e2e7abe490156b62da778cfbe2b", - "reference": "5547f2e1f0ca8e2e7abe490156b62da778cfbe2b", + "url": "https://api.github.com/repos/symfony/finder/zipball/3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de", + "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de", "shasum": "" }, "require": { @@ -4102,7 +4102,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.31" + "source": "https://github.com/symfony/finder/tree/v6.4.32" }, "funding": [ { @@ -4122,7 +4122,7 @@ "type": "tidelift" } ], - "time": "2025-12-11T14:52:17+00:00" + "time": "2026-01-10T14:09:00+00:00" }, { "name": "symfony/polyfill-intl-grapheme", @@ -4460,16 +4460,16 @@ }, { "name": "symfony/string", - "version": "v7.4.0", + "version": "v7.4.4", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003" + "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/d50e862cb0a0e0886f73ca1f31b865efbb795003", - "reference": "d50e862cb0a0e0886f73ca1f31b865efbb795003", + "url": "https://api.github.com/repos/symfony/string/zipball/1c4b10461bf2ec27537b5f36105337262f5f5d6f", + "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f", "shasum": "" }, "require": { @@ -4527,7 +4527,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.4.0" + "source": "https://github.com/symfony/string/tree/v7.4.4" }, "funding": [ { @@ -4547,7 +4547,7 @@ "type": "tidelift" } ], - "time": "2025-11-27T13:27:24+00:00" + "time": "2026-01-12T10:54:30+00:00" }, { "name": "vimeo/psalm", From 0df6c0a645e1a117978d70e109d676977f5dc243 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Sun, 25 Jan 2026 11:41:58 +0100 Subject: [PATCH 0932/1064] mastercontainer: make check for correct volume name more strict Signed-off-by: Simon L. --- Containers/mastercontainer/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index ad1734f1..a65e29ae 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -166,7 +166,7 @@ elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nex print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.) Using a different name is not supported since the built-in backup solution will not work in that case!" exit 1 -elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then +elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format '{{.Mounts}}' | grep -q " nextcloud_aio_mastercontainer "; then print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer? This is not supported since the built-in backup solution will not work in that case!" exit 1 From ebe3d7ee838a7d74dd1129555ad99a80dfd0c834 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 26 Jan 2026 11:55:19 +0100 Subject: [PATCH 0933/1064] increase to v12.6.0 Signed-off-by: Simon L. --- php/templates/includes/aio-version.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index b7d7205d..062985d4 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.5.0 +12.6.0 From 27eae80466a43ea5e181309fb150730b0283c9a0 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 22 Jan 2026 17:50:28 +0100 Subject: [PATCH 0934/1064] pin all actions via commit hash Signed-off-by: Simon L. --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright-on-push.yml | 6 +++--- .github/workflows/playwright-on-workflow-dispatch.yml | 6 +++--- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- zizmor.yml | 6 ++---- 24 files changed, 29 insertions(+), 31 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 2fff5ddb..94af09c8 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Check spelling uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 with: diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index abf5d520..39758f3e 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -10,7 +10,7 @@ jobs: name: update collabora runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index cfe35ee0..c901358d 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 3a40363b..66404af5 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index b9ce68ef..7a5509df 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index f621f229..528c6cd3 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Turnstyle uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 7440a09f..e182b073 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index 4213296b..68b66812 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 1ea877a6..e65d7cdc 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 12cba439..69c42c2b 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index b96ac2b9..aaaa26eb 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index ee35830c..61ae7c0d 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml index 28ba7d9c..2eda156e 100644 --- a/.github/workflows/playwright-on-push.yml +++ b/.github/workflows/playwright-on-push.yml @@ -24,9 +24,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: lts/* @@ -114,7 +114,7 @@ jobs: exit 1 fi - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 if: ${{ !cancelled() }} with: name: playwright-report diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml index 483811f2..ab31c564 100644 --- a/.github/workflows/playwright-on-workflow-dispatch.yml +++ b/.github/workflows/playwright-on-workflow-dispatch.yml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-node@v6 + - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: lts/* @@ -82,7 +82,7 @@ jobs: exit 1 fi - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 if: ${{ !cancelled() }} with: name: playwright-report diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 14715108..45860741 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index cbc77bf5..47a6994c 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -32,7 +32,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 0ef69085..8b746c05 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index c1b96d24..6057ed1a 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 3b04704d..07e6549b 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index 95329d3c..f453a05c 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 2f441735..69974d3a 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index 41b0adf2..41a54a41 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index b26cd1a4..34938de0 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -10,7 +10,7 @@ jobs: name: update watchtower runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.2 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run watchtower-container-update run: | # Watchtower diff --git a/zizmor.yml b/zizmor.yml index a991eaa5..7601baa4 100644 --- a/zizmor.yml +++ b/zizmor.yml @@ -4,7 +4,5 @@ rules: dangerous-triggers: ignore: - build_images.yml - unpinned-uses: - config: - policies: - actions/*: ref-pin + artipacked: + disable: true From 3e6deb8802848222f3a00b38b101464d3afc922e Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Mon, 26 Jan 2026 12:04:00 +0000 Subject: [PATCH 0935/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 42bc1415..ee344d52 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -3578,16 +3578,16 @@ }, { "name": "phpstan/phpdoc-parser", - "version": "2.3.1", + "version": "2.3.2", "source": { "type": "git", "url": "https://github.com/phpstan/phpdoc-parser.git", - "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374" + "reference": "a004701b11273a26cd7955a61d67a7f1e525a45a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/16dbf9937da8d4528ceb2145c9c7c0bd29e26374", - "reference": "16dbf9937da8d4528ceb2145c9c7c0bd29e26374", + "url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/a004701b11273a26cd7955a61d67a7f1e525a45a", + "reference": "a004701b11273a26cd7955a61d67a7f1e525a45a", "shasum": "" }, "require": { @@ -3619,9 +3619,9 @@ "description": "PHPDoc parser with support for nullable, intersection and generic types", "support": { "issues": "https://github.com/phpstan/phpdoc-parser/issues", - "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.1" + "source": "https://github.com/phpstan/phpdoc-parser/tree/2.3.2" }, - "time": "2026-01-12T11:33:04+00:00" + "time": "2026-01-25T14:56:51+00:00" }, { "name": "revolt/event-loop", From 3f85f10bfb7e0cf913b94365209a09edd13b0cf1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 13:08:44 +0000 Subject: [PATCH 0936/1064] build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6.0.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/lint-yaml.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright-on-push.yml | 2 +- .github/workflows/playwright-on-workflow-dispatch.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 94af09c8..475940a9 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check spelling uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 with: diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index 39758f3e..81ea8ff1 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -10,7 +10,7 @@ jobs: name: update collabora runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index c901358d..5271bfa8 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 66404af5..7bdc5d1a 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index 7a5509df..3f09bb98 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 528c6cd3..ba3b865d 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Turnstyle uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index e182b073..171fb132 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index 68b66812..8c0a7f45 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index e65d7cdc..61e51450 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 69c42c2b..c0d2d577 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 010077ca..e36b8f4c 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index aaaa26eb..5b420c20 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 61ae7c0d..38b0fa8d 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml index 2eda156e..40277e57 100644 --- a/.github/workflows/playwright-on-push.yml +++ b/.github/workflows/playwright-on-push.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml index ab31c564..6d2f6d32 100644 --- a/.github/workflows/playwright-on-workflow-dispatch.yml +++ b/.github/workflows/playwright-on-workflow-dispatch.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 45860741..0c2f8aee 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 47a6994c..2bab876e 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -32,7 +32,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 8b746c05..b051c355 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 6057ed1a..28f9fef7 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 07e6549b..27b8776d 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index f453a05c..103851c9 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 69974d3a..2dcd2e73 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index 41a54a41..a60ea1c6 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index 34938de0..c04657be 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -10,7 +10,7 @@ jobs: name: update watchtower runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run watchtower-container-update run: | # Watchtower From 59e0776808f377244484d2ed59d499d484e7960c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jan 2026 04:06:09 +0000 Subject: [PATCH 0937/1064] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.1.5-cli to 29.2.0-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.2.0-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 2fea59d1..f3079ca7 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.1.5-cli AS docker +FROM docker:29.2.0-cli AS docker # Caddy is a requirement FROM caddy:2.10.2-alpine AS caddy From 0213d8e548066624e202a387d01ca3f65791ae53 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jan 2026 04:08:45 +0000 Subject: [PATCH 0938/1064] build(deps): bump nats in /Containers/talk Bumps nats from 2.12.3-scratch to 2.12.4-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.4-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index fb78f943..fc8cc54a 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.12.3-scratch AS nats +FROM nats:2.12.4-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling FROM alpine:3.23.2 AS janus From 3f4eecaa9654c5c88c5b2fc5b24f40352f9236c3 Mon Sep 17 00:00:00 2001 From: Julius Knorr Date: Wed, 28 Jan 2026 09:53:53 +0100 Subject: [PATCH 0939/1064] feat: Add office switcher with feature comparison (#7421) Signed-off-by: Julius Knorr Signed-off-by: Simon L. Signed-off-by: Andrew Backhouse Co-authored-by: Simon L. Co-authored-by: Andrew Backhouse --- php/public/containers-form-submit.js | 58 ++++++- php/public/disable-collabora.js | 2 +- php/public/disable-onlyoffice.js | 6 +- php/public/style.css | 163 +++++++++++++++++- .../Controller/ConfigurationController.php | 24 +-- php/templates/containers.twig | 2 +- .../includes/optional-containers.twig | 134 ++++++++++---- php/templates/layout.twig | 2 +- php/tests/tests/initial-setup.spec.js | 6 +- 9 files changed, 338 insertions(+), 59 deletions(-) diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js index b7ffd2d8..1382bced 100644 --- a/php/public/containers-form-submit.js +++ b/php/public/containers-form-submit.js @@ -1,7 +1,9 @@ document.addEventListener("DOMContentLoaded", function () { // Hide submit button initially - const optionsFormSubmit = document.getElementById("options-form-submit"); - optionsFormSubmit.style.display = 'none'; + const optionsFormSubmit = document.querySelectorAll(".options-form-submit"); + optionsFormSubmit.forEach(element => { + element.style.display = 'none'; + }); const communityFormSubmit = document.getElementById("community-form-submit"); communityFormSubmit.style.display = 'none'; @@ -12,6 +14,14 @@ document.addEventListener("DOMContentLoaded", function () { const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']"); const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']"); + // Office suite radio buttons + const collaboraRadio = document.getElementById('office-collabora'); + const onlyofficeRadio = document.getElementById('office-onlyoffice'); + const noneRadio = document.getElementById('office-none'); + const collaboraHidden = document.getElementById('collabora'); + const onlyofficeHidden = document.getElementById('onlyoffice'); + let initialOfficeSelection = null; + optionsContainersCheckboxes.forEach(checkbox => { initialStateOptionsContainers[checkbox.id] = checkbox.checked; // Use checked property to capture actual initial state }); @@ -20,6 +30,17 @@ document.addEventListener("DOMContentLoaded", function () { initialStateCommunityContainers[checkbox.id] = checkbox.checked; // Use checked property to capture actual initial state }); + // Store initial office suite selection + if (collaboraRadio && onlyofficeRadio && noneRadio) { + if (collaboraRadio.checked) { + initialOfficeSelection = 'collabora'; + } else if (onlyofficeRadio.checked) { + initialOfficeSelection = 'onlyoffice'; + } else { + initialOfficeSelection = 'none'; + } + } + // Function to compare current states to initial states function checkForOptionContainerChanges() { let hasChanges = false; @@ -30,8 +51,32 @@ document.addEventListener("DOMContentLoaded", function () { } }); + // Check office suite changes and sync to hidden inputs + if (collaboraRadio && onlyofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden) { + let currentOfficeSelection = null; + if (collaboraRadio.checked) { + currentOfficeSelection = 'collabora'; + collaboraHidden.value = 'on'; + onlyofficeHidden.value = ''; + } else if (onlyofficeRadio.checked) { + currentOfficeSelection = 'onlyoffice'; + collaboraHidden.value = ''; + onlyofficeHidden.value = 'on'; + } else { + currentOfficeSelection = 'none'; + collaboraHidden.value = ''; + onlyofficeHidden.value = ''; + } + + if (currentOfficeSelection !== initialOfficeSelection) { + hasChanges = true; + } + } + // Show or hide submit button based on changes - optionsFormSubmit.style.display = hasChanges ? 'block' : 'none'; + optionsFormSubmit.forEach(element => { + element.style.display = hasChanges ? 'block' : 'none'; + }); } // Function to compare current states to initial states @@ -82,6 +127,13 @@ document.addEventListener("DOMContentLoaded", function () { // Initialize talk-recording visibility on page load handleTalkVisibility(); // Ensure talk-recording is correctly initialized + // Add event listeners for office suite radio buttons + if (collaboraRadio && onlyofficeRadio && noneRadio) { + collaboraRadio.addEventListener('change', checkForOptionContainerChanges); + onlyofficeRadio.addEventListener('change', checkForOptionContainerChanges); + noneRadio.addEventListener('change', checkForOptionContainerChanges); + } + // Initial call to check for changes checkForOptionContainerChanges(); checkForCommunityContainerChanges(); diff --git a/php/public/disable-collabora.js b/php/public/disable-collabora.js index 3064ef51..762252ce 100644 --- a/php/public/disable-collabora.js +++ b/php/public/disable-collabora.js @@ -1,5 +1,5 @@ document.addEventListener("DOMContentLoaded", function(event) { // Collabora - let collabora = document.getElementById("collabora"); + const collabora = document.getElementById("office-collabora"); collabora.disabled = true; }); \ No newline at end of file diff --git a/php/public/disable-onlyoffice.js b/php/public/disable-onlyoffice.js index 83482339..c660bd9d 100644 --- a/php/public/disable-onlyoffice.js +++ b/php/public/disable-onlyoffice.js @@ -1,7 +1,5 @@ document.addEventListener("DOMContentLoaded", function(event) { // OnlyOffice - let onlyoffice = document.getElementById("onlyoffice"); - if (onlyoffice) { - onlyoffice.disabled = true; - } + const onlyoffice = document.getElementById("office-onlyoffice"); + onlyoffice.disabled = true; }); \ No newline at end of file diff --git a/php/public/style.css b/php/public/style.css index b4d5f8a5..b35883d0 100644 --- a/php/public/style.css +++ b/php/public/style.css @@ -28,7 +28,7 @@ --border-radius-large: 12px; --default-font-size: 13px; --checkbox-size: 16px; - --max-width: 500px; + --max-width: 580px; --container-top-margin: 20px; --container-bottom-margin: 20px; --container-padding: 2px; @@ -37,9 +37,9 @@ --main-padding: 50px; } -/* Breakpoint calculation: 500px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 800px +/* Breakpoint calculation: 580px (max-width) + 100px (main-padding * 2) + 200px (additional space) = 880px Note: Unfortunately, it's not possible to calculate this dynamically using CSS variables in media queries */ -@media only screen and (max-width: 800px) { +@media only screen and (max-width: 880px) { :root { --container-top-margin: 50px; --container-bottom-margin: 0px; @@ -549,3 +549,160 @@ input[type="checkbox"]:disabled:not(:checked) + label { #theme-toggle:not(:hover) #theme-icon { opacity: 0.6; /* Slightly transparent */ } +/* Office Suite Feature Cards */ +.office-suite-cards { + display: grid; + grid-template-columns: repeat(auto-fit, minmax(220px, 1fr)); + gap: 16px; + margin: 20px 0; + align-items: stretch; +} + +.office-radio { + display: none; +} + +.office-card { + position: relative; + border: 2px solid var(--color-border-maxcontrast); + border-radius: var(--border-radius-large); + padding: 20px; + cursor: pointer; + transition: all 0.3s ease; + background-color: var(--color-main-background); + display: flex; + flex-direction: column; +} + +.office-card-disabled { + opacity: 50%; + pointer-events: none; +} + +.office-card:hover { + border-color: var(--color-primary-element); + box-shadow: 0 4px 12px rgba(0, 130, 201, 0.15); + transform: translateY(-2px); +} + +#office-collabora:checked + .office-card, +#office-onlyoffice:checked + .office-card { + border-color: var(--color-nextcloud-blue); + background: linear-gradient(135deg, rgba(0, 130, 201, 0.08) 0%, rgba(0, 130, 201, 0.02) 100%); +} + +[data-theme="dark"] #office-collabora:checked + .office-card, +[data-theme="dark"] #office-onlyoffice:checked + .office-card { + background: linear-gradient(135deg, rgba(0, 145, 242, 0.15) 0%, rgba(0, 145, 242, 0.03) 100%); +} + +.office-card-header { + display: flex; + justify-content: space-between; + align-items: center; + margin-bottom: 16px; +} + +.office-card h4 { + margin: 0; + height: 24px; + font-size: 18px; + font-weight: 600; + color: var(--color-main-text); +} + +.office-checkmark { + flex-shrink: 0; + display: none; +} + +#office-collabora:checked + .office-card .office-checkmark, +#office-onlyoffice:checked + .office-card .office-checkmark { + display: block; +} + +.office-features { + list-style: none; + padding: 0; + margin: 0; +} + +.office-features li { + position: relative; + padding-left: 20px; + margin-bottom: 4px; + font-size: var(--default-font-size); + line-height: 1.5; + color: var(--color-main-text); +} + +.office-features li::before { + content: '•'; + position: absolute; + left: 6px; + color: var(--color-nextcloud-blue); + font-weight: bold; +} + +.office-checkbox { + position: absolute; + opacity: 0; + pointer-events: none; +} + +.office-learn-more { + display: inline-flex; + align-items: center; + margin-top: 12px; + color: var(--color-primary-element); + text-decoration: none; + font-size: var(--default-font-size); + font-weight: 500; + transition: color 0.2s ease; +} + +.office-learn-more:hover { + color: var(--color-primary-element-hover); +} + +.office-learn-more svg { + transition: transform 0.2s ease; +} + +.office-learn-more:hover svg { + transform: translateX(3px); +} + +.office-none-card { + text-align: center; + margin: 12px 0 20px 0; +} + +.office-none-label { + display: inline-flex; + align-items: center; + font-size: 13px; + color: var(--color-primary-element); + cursor: pointer; + opacity: 0.7; + transition: opacity 0.2s ease; + padding: 8px 12px; + border-radius: var(--border-radius); +} + +.office-none-label:hover { + opacity: 1; + background-color: var(--color-primary-element-light); +} + +#office-none:checked + .office-none-label { + opacity: 1; + font-weight: 600; +} + +/* Responsive adjustments for mobile */ +@media only screen and (max-width: 800px) { + .office-suite-cards { + grid-template-columns: 1fr; + } +} \ No newline at end of file diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 45586f9c..b449db6a 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -76,24 +76,24 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['options-form'])) { - if (isset($request->getParsedBody()['collabora']) && isset($request->getParsedBody()['onlyoffice'])) { - throw new InvalidSettingConfigurationException("Collabora and Onlyoffice are not allowed to be enabled at the same time!"); + $officeSuiteChoice = $request->getParsedBody()['office_suite_choice'] ?? ''; + + if ($officeSuiteChoice === 'collabora') { + $this->configurationManager->SetCollaboraEnabledState(1); + $this->configurationManager->SetOnlyofficeEnabledState(0); + } elseif ($officeSuiteChoice === 'onlyoffice') { + $this->configurationManager->SetCollaboraEnabledState(0); + $this->configurationManager->SetOnlyofficeEnabledState(1); + } else { + $this->configurationManager->SetCollaboraEnabledState(0); + $this->configurationManager->SetOnlyofficeEnabledState(0); } + if (isset($request->getParsedBody()['clamav'])) { $this->configurationManager->SetClamavEnabledState(1); } else { $this->configurationManager->SetClamavEnabledState(0); } - if (isset($request->getParsedBody()['onlyoffice'])) { - $this->configurationManager->SetOnlyofficeEnabledState(1); - } else { - $this->configurationManager->SetOnlyofficeEnabledState(0); - } - if (isset($request->getParsedBody()['collabora'])) { - $this->configurationManager->SetCollaboraEnabledState(1); - } else { - $this->configurationManager->SetCollaboraEnabledState(0); - } if (isset($request->getParsedBody()['talk'])) { $this->configurationManager->SetTalkEnabledState(1); } else { diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 2f722768..8e437bc2 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -27,7 +27,7 @@ {# js for optional containers and additional containers forms #} - + {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %} {% set isAnyRunning = false %} diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index b4764592..dcf59bfb 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -9,6 +9,105 @@ +

      Office Suite

      + {% if isAnyRunning == false %} +

      Choose your preferred office suite. Only one can be enabled at a time.

      + {% endif %} +
      + + + + + + +
      + {% if isAnyRunning == false %} +
      + + +
      + {% endif %} + +

      Additional Optional Containers

      -

      - - -

      -

      - - -

      +

      - +

      Minimal system requirements: When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see this documentation

      {% if isAnyRunning == true %} - - + + diff --git a/php/templates/layout.twig b/php/templates/layout.twig index 4d842e3d..79c615d9 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -1,7 +1,7 @@ AIO - + diff --git a/php/tests/tests/initial-setup.spec.js b/php/tests/tests/initial-setup.spec.js index c88cd8e3..1f21f011 100644 --- a/php/tests/tests/initial-setup.spec.js +++ b/php/tests/tests/initial-setup.spec.js @@ -32,12 +32,12 @@ test('Initial setup', async ({ page: setupPage }) => { await containersPage.locator('#talk').uncheck(); await containersPage.getByRole('checkbox', { name: 'Whiteboard' }).uncheck(); await containersPage.getByRole('checkbox', { name: 'Imaginary' }).uncheck(); - await containersPage.getByRole('checkbox', { name: 'Collabora' }).uncheck(); - await containersPage.getByRole('button', { name: 'Save changes' }).click(); + await containersPage.getByText('Disable office suite').click(); + await containersPage.getByRole('button', { name: 'Save changes' }).last().click(); await expect(containersPage.locator('#talk')).not.toBeChecked() await expect(containersPage.getByRole('checkbox', { name: 'Whiteboard' })).not.toBeChecked() await expect(containersPage.getByRole('checkbox', { name: 'Imaginary' })).not.toBeChecked() - await expect(containersPage.getByRole('checkbox', { name: 'Collabora' })).not.toBeChecked() + await expect(containersPage.locator('#office-none')).toBeChecked() // Reject invalid time zones await containersPage.locator('#timezone').click(); From 0b6c0733ab996a3141b0afebb794f40c5c290cfe Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 7 Jan 2026 17:29:24 +0100 Subject: [PATCH 0940/1064] Cache config, introduce get() and set() helpers to guide new way to set attributes Use cached config, use set() for single attributes, setMultiple to wrap multiple calls to set() Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 50 ++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 5 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 320bc477..3b09c5b3 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -9,15 +9,19 @@ class ConfigurationManager { private array $secrets = []; + private array $config = []; + + private bool $noWrite = false; + public function GetConfig() : array { - if(file_exists(DataConst::GetConfigFile())) + if ($this->config === [] && file_exists(DataConst::GetConfigFile())) { $configContent = (string)file_get_contents(DataConst::GetConfigFile()); - return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR); + $this->config = json_decode($configContent, true, 512, JSON_THROW_ON_ERROR); } - return []; + return $this->config; } public function GetPassword() : string { @@ -34,6 +38,34 @@ class ConfigurationManager $this->WriteConfig($config); } + private function get(string $key, mixed $fallbackValue = null) : mixed { + return $this->GetConfig()[$key] ?? $fallbackValue; + } + + private function set(string $key, mixed $value) : void { + $this->GetConfig(); + $this->config[$key] = $value; + // Only write if this isn't called via setMultiple(). + if ($this->noWrite !== true) { + $this->WriteConfig(); + } + } + + /** + * This allows to assign multiple attributes without saving the config to disk in between (as would + * calling set() do). + */ + public function setMultiple(\Closure $closure) : void { + $this->noWrite = true; + try { + $this->GetConfig(); + $closure($this); + $this->WriteConfig(); + } finally { + $this->noWrite = false; + } + } + public function GetAndGenerateSecret(string $secretId) : string { if ($secretId === '') { return ''; @@ -599,17 +631,25 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function WriteConfig(array $config) : void { + public function WriteConfig(?array $config) : void { + if ($config) { + $this->config = $config; + } if(!is_dir(DataConst::GetDataDirectory())) { throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!"); } + // Shouldn't happen, but as a precaution we won't write an empty config to disk. + if ($this->config === []) { + return; + } $df = disk_free_space(DataConst::GetDataDirectory()); - $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR); + $content = json_encode($this->config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR); $size = strlen($content) + 10240; if ($df !== false && (int)$df < $size) { throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!"); } file_put_contents(DataConst::GetConfigFile(), $content); + $this->config = []; } private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string { From 21b14a4a5df379f7ed457f9185faf94323c737fb Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 11:43:43 +0100 Subject: [PATCH 0941/1064] Adapt GetEnvironmentalVariableOrConfig() to get() and set() Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 3b09c5b3..0ee4bae2 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -654,23 +654,21 @@ class ConfigurationManager private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string { $envVariableOutput = getenv($envVariableName); + $configValue = $this->get($configName, ''); if ($envVariableOutput === false) { - $config = $this->GetConfig(); - if (!isset($config[$configName]) || $config[$configName] === '') { - $config[$configName] = $defaultValue; + if ($configValue === '') { + $this->set($configName, $defaultValue); + return $defaultValue; } - return $config[$configName]; + return $configValue; } - if(file_exists(DataConst::GetConfigFile())) { - $config = $this->GetConfig(); - if (!isset($config[$configName])) { - $config[$configName] = ''; - } - if ($envVariableOutput !== $config[$configName]) { - $config[$configName] = $envVariableOutput; - $this->WriteConfig($config); + + if (file_exists(DataConst::GetConfigFile())) { + if ($envVariableOutput !== $configValue) { + $this->set($configName, $envVariableOutput); } } + return $envVariableOutput; } From a9b648e18fcfd6bd973b13c2dbca19b2260054d8 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 18:22:40 +0100 Subject: [PATCH 0942/1064] Adapt GetAndGenerateSecret() to get() and set() Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 0ee4bae2..27a98d03 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -71,17 +71,17 @@ class ConfigurationManager return ''; } - $config = $this->GetConfig(); - if(!isset($config['secrets'][$secretId])) { - $config['secrets'][$secretId] = bin2hex(random_bytes(24)); - $this->WriteConfig($config); + $secrets = $this->get('secrets', []); + if (!isset($secrets[$secretId])) { + $secrets[$secretId] = bin2hex(random_bytes(24)); + $this->set('secrets', $secrets); } if ($secretId === 'BORGBACKUP_PASSWORD' && !file_exists(DataConst::GetBackupSecretFile())) { - $this->DoubleSafeBackupSecret($config['secrets'][$secretId]); + $this->DoubleSafeBackupSecret($secrets[$secretId]); } - return $config['secrets'][$secretId]; + return $secrets[$secretId]; } public function GetRegisteredSecret(string $secretId) : string { From b2f992d955d26c10bba639bae89ff4156a74899c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:37:36 +0100 Subject: [PATCH 0943/1064] Make `AIO_TOKEN` an attribute Signed-off-by: Pablo Zmdl --- php/src/Auth/AuthManager.php | 2 +- php/src/Controller/DockerController.php | 5 +---- php/src/Data/ConfigurationManager.php | 9 +++++---- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php index 925ff89f..b4533c1e 100644 --- a/php/src/Auth/AuthManager.php +++ b/php/src/Auth/AuthManager.php @@ -19,7 +19,7 @@ readonly class AuthManager { } public function CheckToken(string $token) : bool { - return hash_equals($this->configurationManager->GetToken(), $token); + return hash_equals($this->configurationManager->AIO_TOKEN, $token); } public function SetAuthState(bool $isLoggedIn) : void { diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index a924e61f..ab10d3c6 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -213,10 +213,7 @@ readonly class DockerController { } public function startTopContainer(bool $pullImage) : void { - $config = $this->configurationManager->GetConfig(); - // set AIO_TOKEN - $config['AIO_TOKEN'] = bin2hex(random_bytes(24)); - $this->configurationManager->WriteConfig($config); + $this->configurationManager->AIO_TOKEN = bin2hex(random_bytes(24)); // Stop domaincheck since apache would not be able to start otherwise $this->StopDomaincheckContainer(); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 27a98d03..6b80c71b 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -13,6 +13,11 @@ class ConfigurationManager private bool $noWrite = false; + public string $AIO_TOKEN { + get => $this->get('AIO_TOKEN', ''); + set { $this->set('AIO_TOKEN', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -28,10 +33,6 @@ class ConfigurationManager return $this->GetConfig()['password']; } - public function GetToken() : string { - return $this->GetConfig()['AIO_TOKEN']; - } - public function SetPassword(string $password) : void { $config = $this->GetConfig(); $config['password'] = $password; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index fb3701a4..ae957d35 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -559,7 +559,7 @@ readonly class DockerActionManager { return match ($placeholder) { 'NC_DOMAIN' => $this->configurationManager->GetDomain(), 'NC_BASE_DN' => $this->configurationManager->GetBaseDN(), - 'AIO_TOKEN' => $this->configurationManager->GetToken(), + 'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN, 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(), 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), 'AIO_URL' => $this->configurationManager->GetAIOURL(), From 4d8e959608c9c1be21b337bb19b89656e478d8ec Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 14:55:29 +0100 Subject: [PATCH 0944/1064] Make `password` an attribute Signed-off-by: Pablo Zmdl --- php/src/Auth/AuthManager.php | 2 +- php/src/Data/ConfigurationManager.php | 19 +++++++------------ php/src/Data/Setup.php | 2 +- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php index b4533c1e..1d558aed 100644 --- a/php/src/Auth/AuthManager.php +++ b/php/src/Auth/AuthManager.php @@ -15,7 +15,7 @@ readonly class AuthManager { } public function CheckCredentials(string $password) : bool { - return hash_equals($this->configurationManager->GetPassword(), $password); + return hash_equals($this->configurationManager->password, $password); } public function CheckToken(string $token) : bool { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 6b80c71b..1c40508f 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -18,6 +18,11 @@ class ConfigurationManager set { $this->set('AIO_TOKEN', $value); } } + public string $password { + get => $this->get('password', ''); + set { $this->set('password', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -29,16 +34,6 @@ class ConfigurationManager return $this->config; } - public function GetPassword() : string { - return $this->GetConfig()['password']; - } - - public function SetPassword(string $password) : void { - $config = $this->GetConfig(); - $config['password'] = $password; - $this->WriteConfig($config); - } - private function get(string $key, mixed $fallbackValue = null) : mixed { return $this->GetConfig()[$key] ?? $fallbackValue; } @@ -586,7 +581,7 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter your current password."); } - if ($currentPassword !== $this->GetPassword()) { + if ($currentPassword !== $this->password) { throw new InvalidSettingConfigurationException("The entered current password is not correct."); } @@ -603,7 +598,7 @@ class ConfigurationManager } // All checks pass so set the password - $this->SetPassword($newPassword); + $this->set('password', $newPassword); } public function GetApachePort() : string { diff --git a/php/src/Data/Setup.php b/php/src/Data/Setup.php index f8f43e4b..e409eef8 100644 --- a/php/src/Data/Setup.php +++ b/php/src/Data/Setup.php @@ -17,7 +17,7 @@ readonly class Setup { } $password = $this->passwordGenerator->GeneratePassword(8); - $this->configurationManager->SetPassword($password); + $this->configurationManager->password = $password; return $password; } From 484ff7994319838736570ad8e7b900bb9580c9e6 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:11:20 +0100 Subject: [PATCH 0945/1064] Make `wasStartButtonClicked` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 6 +++--- php/src/Data/ConfigurationManager.php | 13 +++++-------- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index b57f65a5..59708627 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -105,7 +105,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(), 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), 'borg_backup_mode' => $configurationManager->GetBackupMode(), - 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(), + 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked, 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), 'last_backup_time' => $configurationManager->GetLastBackupTime(), 'backup_times' => $configurationManager->GetBackupTimes(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ab10d3c6..e913349d 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -190,11 +190,11 @@ readonly class DockerController { $config = $this->configurationManager->GetConfig(); // set AIO_URL $config['AIO_URL'] = $host . ':' . (string)$port . $path; - // set wasStartButtonClicked - $config['wasStartButtonClicked'] = 1; // set install_latest_major $config['install_latest_major'] = $installLatestMajor; $this->configurationManager->WriteConfig($config); + // set wasStartButtonClicked + $this->configurationManager->wasStartButtonClicked = true; // Do not pull container images in case 'bypass_container_update' is set via url params // Needed for local testing @@ -274,7 +274,7 @@ readonly class DockerController { public function StartDomaincheckContainer() : void { # Don't start if domain is already set - if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked()) { + if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked) { return; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 1c40508f..18cdc46c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public bool $wasStartButtonClicked { + get => $this->get('wasStartButtonClicked', false); + set { $this->set('wasStartButtonClicked', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -150,14 +155,6 @@ class ConfigurationManager return $backupTimes; } - public function wasStartButtonClicked() : bool { - if (isset($this->GetConfig()['wasStartButtonClicked'])) { - return true; - } else { - return false; - } - } - private function isx64Platform() : bool { if (php_uname('m') === 'x86_64') { return true; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index ae957d35..42c2d5f0 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -621,7 +621,7 @@ readonly class DockerActionManager { public function isAnyUpdateAvailable(): bool { // return early if instance is not installed - if (!$this->configurationManager->wasStartButtonClicked()) { + if (!$this->configurationManager->wasStartButtonClicked) { return false; } $id = 'nextcloud-aio-apache'; From 06fdf31c8707b6edee57fc93efdbf16930434320 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:09:52 +0100 Subject: [PATCH 0946/1064] Make `AIO_URL` an attribute Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 4 ++-- php/src/Data/ConfigurationManager.php | 14 +++++--------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index e913349d..b8f89c46 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -188,11 +188,11 @@ readonly class DockerController { } $config = $this->configurationManager->GetConfig(); - // set AIO_URL - $config['AIO_URL'] = $host . ':' . (string)$port . $path; // set install_latest_major $config['install_latest_major'] = $installLatestMajor; $this->configurationManager->WriteConfig($config); + // set AIO_URL + $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; // set wasStartButtonClicked $this->configurationManager->wasStartButtonClicked = true; diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 18cdc46c..c4032fea 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public string $AIO_URL { + get => $this->get('AIO_URL', ''); + set { $this->set('AIO_URL', $value); } + } + public bool $wasStartButtonClicked { get => $this->get('wasStartButtonClicked', false); set { $this->set('wasStartButtonClicked', $value); } @@ -475,15 +480,6 @@ class ConfigurationManager return $config['restore-exclude-previews']; } - public function GetAIOURL() : string { - $config = $this->GetConfig(); - if(!isset($config['AIO_URL'])) { - $config['AIO_URL'] = ''; - } - - return $config['AIO_URL']; - } - /** * @throws InvalidSettingConfigurationException */ diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 42c2d5f0..7ef920e7 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -562,7 +562,7 @@ readonly class DockerActionManager { 'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN, 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(), 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), - 'AIO_URL' => $this->configurationManager->GetAIOURL(), + 'AIO_URL' => $this->configurationManager->AIO_URL, 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), 'APACHE_PORT' => $this->configurationManager->GetApachePort(), From 1d11a4682b3f03200f2e22b413ffb76424464a78 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:06:59 +0100 Subject: [PATCH 0947/1064] Make `install_latest_major` an attribute Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 11 +---------- php/src/Data/ConfigurationManager.php | 13 +++++-------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index b8f89c46..f8f2896a 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -181,16 +181,7 @@ readonly class DockerController { $port = 443; } - if (isset($request->getParsedBody()['install_latest_major'])) { - $installLatestMajor = 32; - } else { - $installLatestMajor = ""; - } - - $config = $this->configurationManager->GetConfig(); - // set install_latest_major - $config['install_latest_major'] = $installLatestMajor; - $this->configurationManager->WriteConfig($config); + $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); // set AIO_URL $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; // set wasStartButtonClicked diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index c4032fea..1fb03e68 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -33,6 +33,11 @@ class ConfigurationManager set { $this->set('wasStartButtonClicked', $value); } } + public bool $install_latest_major { + get => $this->get('install_latest_major', false); + set { $this->set('install_latest_major', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -889,14 +894,6 @@ class ConfigurationManager } } - public function shouldLatestMajorGetInstalled() : bool { - $config = $this->GetConfig(); - if(!isset($config['install_latest_major'])) { - $config['install_latest_major'] = ''; - } - return $config['install_latest_major'] !== ''; - } - public function GetAdditionalBackupDirectoriesString() : string { if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) { return ''; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 7ef920e7..1c6c418e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -595,7 +595,7 @@ readonly class DockerActionManager { 'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(), 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(), - 'INSTALL_LATEST_MAJOR' => $this->configurationManager->shouldLatestMajorGetInstalled() ? 'yes' : '', + 'INSTALL_LATEST_MAJOR' => $this->configurationManager->install_latest_major ? 'yes' : '', 'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), From b8130958c557b05499736c32aaa6808a9bd5b8b1 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:05:10 +0100 Subject: [PATCH 0948/1064] Make `selectedRestoreTime` an attribute Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 4 +--- php/src/Data/ConfigurationManager.php | 14 +++++--------- php/src/Docker/DockerActionManager.php | 1 + 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index f8f2896a..1848ccab 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -124,14 +124,12 @@ readonly class DockerController { public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { $this->configurationManager->SetBackupMode('restore'); - $config = $this->configurationManager->GetConfig(); - $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? ''; if (isset($request->getParsedBody()['restore-exclude-previews'])) { $config['restore-exclude-previews'] = 1; } else { $config['restore-exclude-previews'] = ''; } - $this->configurationManager->WriteConfig($config); + $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; $id = self::TOP_CONTAINER; $forceStopNextcloud = true; diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 1fb03e68..3e003e61 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public string $selectedRestoreTime { + get => $this->get('selected-restore-time', ''); + set { $this->set('selected-restore-time', $value); } + } + public string $AIO_URL { get => $this->get('AIO_URL', ''); set { $this->set('AIO_URL', $value); } @@ -467,15 +472,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function GetSelectedRestoreTime() : string { - $config = $this->GetConfig(); - if(!isset($config['selected-restore-time'])) { - $config['selected-restore-time'] = ''; - } - - return $config['selected-restore-time']; - } - public function GetRestoreExcludePreviews() : string { $config = $this->GetConfig(); if(!isset($config['restore-exclude-previews'])) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 1c6c418e..8ce0749e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -565,6 +565,7 @@ readonly class DockerActionManager { 'AIO_URL' => $this->configurationManager->AIO_URL, 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), + 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, 'APACHE_PORT' => $this->configurationManager->GetApachePort(), 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), 'TALK_PORT' => $this->configurationManager->GetTalkPort(), From c968e9e310ad36d2529e9624abe07d6271b55c27 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:02:19 +0100 Subject: [PATCH 0949/1064] Make `restoreExcludePreviews` an attribute Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 6 +----- php/src/Data/ConfigurationManager.php | 14 +++++--------- php/src/Docker/DockerActionManager.php | 3 +-- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 1848ccab..0ee4e522 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -124,12 +124,8 @@ readonly class DockerController { public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { $this->configurationManager->SetBackupMode('restore'); - if (isset($request->getParsedBody()['restore-exclude-previews'])) { - $config['restore-exclude-previews'] = 1; - } else { - $config['restore-exclude-previews'] = ''; - } $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; + $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); $id = self::TOP_CONTAINER; $forceStopNextcloud = true; diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 3e003e61..d216fedd 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public bool $restoreExcludePreviews { + get => $this->get('restore-exclude-previews', false); + set { $this->set('restore-exclude-previews', $value); } + } + public string $selectedRestoreTime { get => $this->get('selected-restore-time', ''); set { $this->set('selected-restore-time', $value); } @@ -472,15 +477,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function GetRestoreExcludePreviews() : string { - $config = $this->GetConfig(); - if(!isset($config['restore-exclude-previews'])) { - $config['restore-exclude-previews'] = ''; - } - - return $config['restore-exclude-previews']; - } - /** * @throws InvalidSettingConfigurationException */ diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 8ce0749e..b04124f3 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -563,8 +563,7 @@ readonly class DockerActionManager { 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(), 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), 'AIO_URL' => $this->configurationManager->AIO_URL, - 'SELECTED_RESTORE_TIME' => $this->configurationManager->GetSelectedRestoreTime(), - 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->GetRestoreExcludePreviews(), + 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '', 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, 'APACHE_PORT' => $this->configurationManager->GetApachePort(), 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), From 881e77cca5d4b975f8ae2588dde4cd5a02898043 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 13:00:22 +0100 Subject: [PATCH 0950/1064] Make `isWhiteboardEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +----- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 59708627..a0b45675 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -136,7 +136,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(), 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(), - 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(), + 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, 'community_containers' => $configurationManager->listAvailableCommunityContainers(), 'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(), 'bypass_container_update' => $bypass_container_update, diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index d7498047..ccca996f 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -91,7 +91,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') { - if (!$this->configurationManager->isWhiteboardEnabled()) { + if (!$this->configurationManager->isWhiteboardEnabled) { continue; } } @@ -200,7 +200,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-whiteboard') { - if (!$this->configurationManager->isWhiteboardEnabled()) { + if (!$this->configurationManager->isWhiteboardEnabled) { continue; } } diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index b449db6a..62034681 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -119,11 +119,7 @@ readonly class ConfigurationController { } else { $this->configurationManager->SetDockerSocketProxyEnabledState(0); } - if (isset($request->getParsedBody()['whiteboard'])) { - $this->configurationManager->SetWhiteboardEnabledState(1); - } else { - $this->configurationManager->SetWhiteboardEnabledState(0); - } + $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']); } if (isset($request->getParsedBody()['community-form'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d216fedd..a6dd196a 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public bool $isWhiteboardEnabled { + get => $this->get('isWhiteboardEnabled', true); + set { $this->set('isWhiteboardEnabled', $value); } + } + public bool $restoreExcludePreviews { get => $this->get('restore-exclude-previews', false); set { $this->set('restore-exclude-previews', $value); } @@ -207,21 +212,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function isWhiteboardEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isWhiteboardEnabled']) && $config['isWhiteboardEnabled'] === 0) { - return false; - } else { - return true; - } - } - - public function SetWhiteboardEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isWhiteboardEnabled'] = $value; - $this->WriteConfig($config); - } - public function SetClamavEnabledState(int $value) : void { $config = $this->GetConfig(); $config['isClamavEnabled'] = $value; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index b04124f3..72abd49c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -601,7 +601,7 @@ readonly class DockerActionManager { 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), // Allow to get local ip-address of caddy container and add it to trusted proxies automatically 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '', - 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '', + 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '', default => $this->configurationManager->GetRegisteredSecret($placeholder), }; } From 6576d3c1e9e8e4d0c118dc3388ab8415152b7690 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:58:50 +0100 Subject: [PATCH 0951/1064] Make `backupMode` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 14 +++++++------- php/src/Data/ConfigurationManager.php | 20 +++++--------------- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index a0b45675..6abe1989 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -104,7 +104,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(), 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), - 'borg_backup_mode' => $configurationManager->GetBackupMode(), + 'borg_backup_mode' => $configurationManager->backupMode, 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked, 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), 'last_backup_time' => $configurationManager->GetLastBackupTime(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 0ee4e522..566f430a 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -89,7 +89,7 @@ readonly class DockerController { } public function startBackup(bool $forceStopNextcloud = false) : void { - $this->configurationManager->SetBackupMode('backup'); + $this->configurationManager->backupMode = 'backup'; $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id, $forceStopNextcloud); @@ -109,21 +109,21 @@ readonly class DockerController { } public function checkBackup() : void { - $this->configurationManager->SetBackupMode('check'); + $this->configurationManager->backupMode = 'check'; $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } private function listBackup() : void { - $this->configurationManager->SetBackupMode('list'); + $this->configurationManager->backupMode = 'list'; $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { - $this->configurationManager->SetBackupMode('restore'); + $this->configurationManager->backupMode = 'restore'; $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); @@ -138,22 +138,22 @@ readonly class DockerController { } public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response { - $this->configurationManager->SetBackupMode('check-repair'); + $this->configurationManager->backupMode = 'check-repair'; $id = 'nextcloud-aio-borgbackup'; $this->PerformRecursiveContainerStart($id); // Restore to backup check which is needed to make the UI logic work correctly - $this->configurationManager->SetBackupMode('check'); + $this->configurationManager->backupMode = 'check'; return $response->withStatus(201)->withHeader('Location', '.'); } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { - $this->configurationManager->SetBackupMode('test'); $config = $this->configurationManager->GetConfig(); $config['instance_restore_attempt'] = 0; $this->configurationManager->WriteConfig($config); + $this->configurationManager->backupMode = 'test'; $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index a6dd196a..e21984b6 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -38,6 +38,11 @@ class ConfigurationManager set { $this->set('selected-restore-time', $value); } } + public string $backupMode { + get => $this->get('backup-mode', ''); + set { $this->set('backup-mode', $value); } + } + public string $AIO_URL { get => $this->get('AIO_URL', ''); set { $this->set('AIO_URL', $value); } @@ -452,21 +457,6 @@ class ConfigurationManager return 'dc=' . implode(',dc=', explode('.', $domain)); } - public function GetBackupMode() : string { - $config = $this->GetConfig(); - if(!isset($config['backup-mode'])) { - $config['backup-mode'] = ''; - } - - return $config['backup-mode']; - } - - public function SetBackupMode(string $mode) : void { - $config = $this->GetConfig(); - $config['backup-mode'] = $mode; - $this->WriteConfig($config); - } - /** * @throws InvalidSettingConfigurationException */ From f235af29e33f7d84197a3861754fe3e5792a21bf Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:56:10 +0100 Subject: [PATCH 0952/1064] Make `isDockerSocketProxyEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +----- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 6abe1989..caff178c 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -135,7 +135,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(), - 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(), + 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, 'community_containers' => $configurationManager->listAvailableCommunityContainers(), 'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index ccca996f..fe454fba 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -87,7 +87,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-docker-socket-proxy') { - if (!$this->configurationManager->isDockerSocketProxyEnabled()) { + if (!$this->configurationManager->isDockerSocketProxyEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') { @@ -196,7 +196,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-docker-socket-proxy') { - if (!$this->configurationManager->isDockerSocketProxyEnabled()) { + if (!$this->configurationManager->isDockerSocketProxyEnabled) { continue; } } elseif ($value === 'nextcloud-aio-whiteboard') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 62034681..76eefae5 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -114,11 +114,7 @@ readonly class ConfigurationController { } else { $this->configurationManager->SetFulltextsearchEnabledState(0); } - if (isset($request->getParsedBody()['docker-socket-proxy'])) { - $this->configurationManager->SetDockerSocketProxyEnabledState(1); - } else { - $this->configurationManager->SetDockerSocketProxyEnabledState(0); - } + $this->configurationManager->isDockerSocketProxyEnabled = isset($request->getParsedBody()['docker-socket-proxy']); $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e21984b6..a44751c4 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -23,6 +23,11 @@ class ConfigurationManager set { $this->set('password', $value); } } + public bool $isDockerSocketProxyEnabled { + get => $this->get('isDockerSocketProxyEnabled', false); + set { $this->set('isDockerSocketProxyEnabled', $value); } + } + public bool $isWhiteboardEnabled { get => $this->get('isWhiteboardEnabled', true); set { $this->set('isWhiteboardEnabled', $value); } @@ -202,21 +207,6 @@ class ConfigurationManager } } - public function isDockerSocketProxyEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isDockerSocketProxyEnabled']) && $config['isDockerSocketProxyEnabled'] === 1) { - return true; - } else { - return false; - } - } - - public function SetDockerSocketProxyEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isDockerSocketProxyEnabled'] = $value; - $this->WriteConfig($config); - } - public function SetClamavEnabledState(int $value) : void { $config = $this->GetConfig(); $config['isClamavEnabled'] = $value; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 72abd49c..66368ca4 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -581,7 +581,7 @@ readonly class DockerActionManager { 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '', - 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled() ? 'yes' : '', + 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(), 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(), 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(), From bebae7069b41d4c49bc13fa6817ee1241cb4751c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:52:03 +0100 Subject: [PATCH 0953/1064] Make `instance_restore_attempt` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 4 +--- php/src/Data/ConfigurationManager.php | 22 +++++++++------------- 3 files changed, 11 insertions(+), 17 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index caff178c..235a3ffc 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -103,7 +103,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), 'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(), - 'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(), + 'is_instance_restore_attempt' => $configurationManager->instance_restore_attempt, 'borg_backup_mode' => $configurationManager->backupMode, 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked, 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 566f430a..df6fbe5d 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -150,10 +150,8 @@ readonly class DockerController { } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { - $config = $this->configurationManager->GetConfig(); - $config['instance_restore_attempt'] = 0; - $this->configurationManager->WriteConfig($config); $this->configurationManager->backupMode = 'test'; + $this->configurationManager->instance_restore_attempt = false; $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index a44751c4..12d4aef2 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -48,6 +48,11 @@ class ConfigurationManager set { $this->set('backup-mode', $value); } } + public bool $instance_restore_attempt { + get => $this->get('instance_restore_attempt', false); + set { $this->set('instance_restore_attempt', $value); } + } + public string $AIO_URL { get => $this->get('AIO_URL', ''); set { $this->set('AIO_URL', $value); } @@ -529,8 +534,11 @@ class ConfigurationManager $config['borg_backup_host_location'] = $location; $config['borg_remote_repo'] = $repo; $config['borg_restore_password'] = $password; - $config['instance_restore_attempt'] = 1; $this->WriteConfig($config); + + $this->setMultiple(function ($confManager) { + $confManager->instance_restore_attempt = true; + }); } /** @@ -663,18 +671,6 @@ class ConfigurationManager return $config['borg_restore_password']; } - public function isInstanceRestoreAttempt() : bool { - $config = $this->GetConfig(); - if(!isset($config['instance_restore_attempt'])) { - $config['instance_restore_attempt'] = ''; - } - - if ($config['instance_restore_attempt'] === 1) { - return true; - } - return false; - } - public function GetNextcloudMount() : string { $envVariableName = 'NEXTCLOUD_MOUNT'; $configName = 'nextcloud_mount'; From f8a244bee2e87c6a0bd46d61ee93b39fb4267b24 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:01:53 +0100 Subject: [PATCH 0954/1064] Make `isClamavEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +----- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 235a3ffc..c213251d 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -110,7 +110,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'last_backup_time' => $configurationManager->GetLastBackupTime(), 'backup_times' => $configurationManager->GetBackupTimes(), 'current_channel' => $dockerActionManager->GetCurrentChannel(), - 'is_clamav_enabled' => $configurationManager->isClamavEnabled(), + 'is_clamav_enabled' => $configurationManager->isClamavEnabled, 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(), 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), 'is_talk_enabled' => $configurationManager->isTalkEnabled(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index fe454fba..639f6513 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -56,7 +56,7 @@ readonly class ContainerDefinitionFetcher { $containers = []; foreach ($data['aio_services_v1'] as $entry) { if ($entry['container_name'] === 'nextcloud-aio-clamav') { - if (!$this->configurationManager->isClamavEnabled()) { + if (!$this->configurationManager->isClamavEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') { @@ -168,7 +168,7 @@ readonly class ContainerDefinitionFetcher { } foreach ($valueDependsOn as $value) { if ($value === 'nextcloud-aio-clamav') { - if (!$this->configurationManager->isClamavEnabled()) { + if (!$this->configurationManager->isClamavEnabled) { continue; } } elseif ($value === 'nextcloud-aio-onlyoffice') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 76eefae5..b8a4bb6c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -88,11 +88,7 @@ readonly class ConfigurationController { $this->configurationManager->SetCollaboraEnabledState(0); $this->configurationManager->SetOnlyofficeEnabledState(0); } - - if (isset($request->getParsedBody()['clamav'])) { - $this->configurationManager->SetClamavEnabledState(1); - } else { - $this->configurationManager->SetClamavEnabledState(0); + $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); } if (isset($request->getParsedBody()['talk'])) { $this->configurationManager->SetTalkEnabledState(1); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 12d4aef2..485ca6ce 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -68,6 +68,11 @@ class ConfigurationManager set { $this->set('install_latest_major', $value); } } + public bool $isClamavEnabled { + get => $this->get('isClamavEnabled', false); + set { $this->set('isClamavEnabled', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -203,21 +208,6 @@ class ConfigurationManager } } - public function isClamavEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) { - return true; - } else { - return false; - } - } - - public function SetClamavEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isClamavEnabled'] = $value; - $this->WriteConfig($config); - } - public function isImaginaryEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 66368ca4..86401005 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -571,7 +571,7 @@ readonly class DockerActionManager { 'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(), 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), - 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled() ? 'yes' : '', + 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '', 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '', From 0c3d919618f5e61173a7c7b3533926fdd5bd4434 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:02:41 +0100 Subject: [PATCH 0955/1064] Make `isOnlyofficeEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 7 +++---- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 12 insertions(+), 23 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index c213251d..75607e63 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -111,7 +111,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'backup_times' => $configurationManager->GetBackupTimes(), 'current_channel' => $dockerActionManager->GetCurrentChannel(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled, - 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(), + 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), 'is_talk_enabled' => $configurationManager->isTalkEnabled(), 'borg_restore_password' => $configurationManager->GetBorgRestorePassword(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 639f6513..d101178b 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -60,7 +60,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') { - if (!$this->configurationManager->isOnlyofficeEnabled()) { + if (!$this->configurationManager->isOnlyofficeEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') { @@ -172,7 +172,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-onlyoffice') { - if (!$this->configurationManager->isOnlyofficeEnabled()) { + if (!$this->configurationManager->isOnlyofficeEnabled) { continue; } } elseif ($value === 'nextcloud-aio-collabora') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index b8a4bb6c..d39efd2a 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -80,16 +80,15 @@ readonly class ConfigurationController { if ($officeSuiteChoice === 'collabora') { $this->configurationManager->SetCollaboraEnabledState(1); - $this->configurationManager->SetOnlyofficeEnabledState(0); + $this->configurationManager->isOnlyofficeEnabled = false; } elseif ($officeSuiteChoice === 'onlyoffice') { $this->configurationManager->SetCollaboraEnabledState(0); - $this->configurationManager->SetOnlyofficeEnabledState(1); + $this->configurationManager->isOnlyofficeEnabled = true; } else { $this->configurationManager->SetCollaboraEnabledState(0); - $this->configurationManager->SetOnlyofficeEnabledState(0); + $this->configurationManager->isOnlyofficeEnabled = false; } $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); - } if (isset($request->getParsedBody()['talk'])) { $this->configurationManager->SetTalkEnabledState(1); } else { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 485ca6ce..36cea5e0 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -73,6 +73,11 @@ class ConfigurationManager set { $this->set('isClamavEnabled', $value); } } + public bool $isOnlyofficeEnabled { + get => $this->get('isOnlyofficeEnabled', false); + set { $this->set('isOnlyofficeEnabled', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -243,21 +248,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function isOnlyofficeEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isOnlyofficeEnabled']) && $config['isOnlyofficeEnabled'] === 1) { - return true; - } else { - return false; - } - } - - public function SetOnlyofficeEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isOnlyofficeEnabled'] = $value; - $this->WriteConfig($config); - } - public function isCollaboraEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isCollaboraEnabled']) && $config['isCollaboraEnabled'] === 0) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 86401005..16771c6c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -573,7 +573,7 @@ readonly class DockerActionManager { 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', - 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled() ? 'yes' : '', + 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '', 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', From cd1c2276e5ca2959ced114d881caf5dfa5bbc8d5 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:03:12 +0100 Subject: [PATCH 0956/1064] Make `isCollaboraEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +++--- php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 6 files changed, 13 insertions(+), 23 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 75607e63..adfd72d5 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -112,7 +112,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'current_channel' => $dockerActionManager->GetCurrentChannel(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled, 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, - 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(), + 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled, 'is_talk_enabled' => $configurationManager->isTalkEnabled(), 'borg_restore_password' => $configurationManager->GetBorgRestorePassword(), 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index d101178b..e4e27f69 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -64,7 +64,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') { - if (!$this->configurationManager->isCollaboraEnabled()) { + if (!$this->configurationManager->isCollaboraEnabled) { continue; } if ($this->configurationManager->isCollaboraSubscriptionEnabled()) { @@ -176,7 +176,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-collabora') { - if (!$this->configurationManager->isCollaboraEnabled()) { + if (!$this->configurationManager->isCollaboraEnabled) { continue; } } elseif ($value === 'nextcloud-aio-talk') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index d39efd2a..56621eee 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -79,13 +79,13 @@ readonly class ConfigurationController { $officeSuiteChoice = $request->getParsedBody()['office_suite_choice'] ?? ''; if ($officeSuiteChoice === 'collabora') { - $this->configurationManager->SetCollaboraEnabledState(1); + $this->configurationManager->isCollaboraEnabled = true; $this->configurationManager->isOnlyofficeEnabled = false; } elseif ($officeSuiteChoice === 'onlyoffice') { - $this->configurationManager->SetCollaboraEnabledState(0); + $this->configurationManager->isCollaboraEnabled = false; $this->configurationManager->isOnlyofficeEnabled = true; } else { - $this->configurationManager->SetCollaboraEnabledState(0); + $this->configurationManager->isCollaboraEnabled = false; $this->configurationManager->isOnlyofficeEnabled = false; } $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index df6fbe5d..ff73e29a 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -224,7 +224,7 @@ readonly class DockerController { // This is a hack but no better solution was found for the meantime // Stop Collabora first to make sure it force-saves // See https://github.com/nextcloud/richdocuments/issues/3799 - if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled()) { + if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled) { $this->PerformRecursiveContainerStop('nextcloud-aio-collabora'); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 36cea5e0..165f9c44 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -78,6 +78,11 @@ class ConfigurationManager set { $this->set('isOnlyofficeEnabled', $value); } } + public bool $isCollaboraEnabled { + get => $this->get('isCollaboraEnabled', true); + set { $this->set('isCollaboraEnabled', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -248,21 +253,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function isCollaboraEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isCollaboraEnabled']) && $config['isCollaboraEnabled'] === 0) { - return false; - } else { - return true; - } - } - - public function SetCollaboraEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isCollaboraEnabled'] = $value; - $this->WriteConfig($config); - } - public function isTalkEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isTalkEnabled']) && $config['isTalkEnabled'] === 0) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 16771c6c..7cb20ad6 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -574,7 +574,7 @@ readonly class DockerActionManager { 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', - 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled() ? 'yes' : '', + 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '', 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), From e009abdd54030b654044f567fb88873b6365dc42 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:03:38 +0100 Subject: [PATCH 0957/1064] Make `isTalkEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +----- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index adfd72d5..0481aceb 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -113,7 +113,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_clamav_enabled' => $configurationManager->isClamavEnabled, 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled, - 'is_talk_enabled' => $configurationManager->isTalkEnabled(), + 'is_talk_enabled' => $configurationManager->isTalkEnabled, 'borg_restore_password' => $configurationManager->GetBorgRestorePassword(), 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index e4e27f69..9635c8cf 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -71,7 +71,7 @@ readonly class ContainerDefinitionFetcher { $entry['image'] = 'ghcr.io/nextcloud-releases/aio-collabora-online'; } } elseif ($entry['container_name'] === 'nextcloud-aio-talk') { - if (!$this->configurationManager->isTalkEnabled()) { + if (!$this->configurationManager->isTalkEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-talk-recording') { @@ -180,7 +180,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-talk') { - if (!$this->configurationManager->isTalkEnabled()) { + if (!$this->configurationManager->isTalkEnabled) { continue; } } elseif ($value === 'nextcloud-aio-talk-recording') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 56621eee..75ec29ae 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -89,11 +89,7 @@ readonly class ConfigurationController { $this->configurationManager->isOnlyofficeEnabled = false; } $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); - if (isset($request->getParsedBody()['talk'])) { - $this->configurationManager->SetTalkEnabledState(1); - } else { - $this->configurationManager->SetTalkEnabledState(0); - } + $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']); if (isset($request->getParsedBody()['talk-recording'])) { $this->configurationManager->SetTalkRecordingEnabledState(1); } else { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 165f9c44..648d04c3 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -83,6 +83,11 @@ class ConfigurationManager set { $this->set('isCollaboraEnabled', $value); } } + public bool $isTalkEnabled { + get => $this->get('isTalkEnabled', true); + set { $this->set('isTalkEnabled', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -253,21 +258,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function isTalkEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isTalkEnabled']) && $config['isTalkEnabled'] === 0) { - return false; - } else { - return true; - } - } - - public function SetTalkEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isTalkEnabled'] = $value; - $this->WriteConfig($config); - } - public function isTalkRecordingEnabled() : bool { if (!$this->isTalkEnabled()) { return false; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 7cb20ad6..313de7b0 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -575,7 +575,7 @@ readonly class DockerActionManager { 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '', - 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled() ? 'yes' : '', + 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), From 190d47810b8501f0788e5e65dc576ae0284f9554 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:04:04 +0100 Subject: [PATCH 0958/1064] Make `isTalkRecordingEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 +-- .../Controller/ConfigurationController.php | 6 +---- php/src/Data/ConfigurationManager.php | 27 ++++--------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 31 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 0481aceb..34d7efe1 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -134,7 +134,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(), 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), - 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(), + 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled, 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, 'community_containers' => $configurationManager->listAvailableCommunityContainers(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 9635c8cf..851b2b4d 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -75,7 +75,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-talk-recording') { - if (!$this->configurationManager->isTalkRecordingEnabled()) { + if (!$this->configurationManager->isTalkRecordingEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') { @@ -184,7 +184,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-talk-recording') { - if (!$this->configurationManager->isTalkRecordingEnabled()) { + if (!$this->configurationManager->isTalkRecordingEnabled) { continue; } } elseif ($value === 'nextcloud-aio-imaginary') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 75ec29ae..cf8bf02b 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -90,11 +90,7 @@ readonly class ConfigurationController { } $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']); - if (isset($request->getParsedBody()['talk-recording'])) { - $this->configurationManager->SetTalkRecordingEnabledState(1); - } else { - $this->configurationManager->SetTalkRecordingEnabledState(0); - } + $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']); if (isset($request->getParsedBody()['imaginary'])) { $this->configurationManager->SetImaginaryEnabledState(1); } else { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 648d04c3..bd920a04 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -88,6 +88,11 @@ class ConfigurationManager set { $this->set('isTalkEnabled', $value); } } + public bool $isTalkRecordingEnabled { + get => $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false); + set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -258,28 +263,6 @@ class ConfigurationManager $this->WriteConfig($config); } - public function isTalkRecordingEnabled() : bool { - if (!$this->isTalkEnabled()) { - return false; - } - $config = $this->GetConfig(); - if (isset($config['isTalkRecordingEnabled']) && $config['isTalkRecordingEnabled'] === 1) { - return true; - } else { - return false; - } - } - - public function SetTalkRecordingEnabledState(int $value) : void { - if (!$this->isTalkEnabled()) { - $value = 0; - } - - $config = $this->GetConfig(); - $config['isTalkRecordingEnabled'] = $value; - $this->WriteConfig($config); - } - /** * @throws InvalidSettingConfigurationException */ diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 313de7b0..ebd1489d 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -572,7 +572,7 @@ readonly class DockerActionManager { 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', - 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled() ? 'yes' : '', + 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '', 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '', From f16f5b233d72ab22e96bb40a65540a2e6ea7efba Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:04:24 +0100 Subject: [PATCH 0959/1064] Make `isImaginaryEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- .../Controller/ConfigurationController.php | 6 +----- php/src/Data/ConfigurationManager.php | 20 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 34d7efe1..27b2edad 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -124,7 +124,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(), 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), - 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(), + 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(), 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 851b2b4d..75d47f83 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -79,7 +79,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') { - if (!$this->configurationManager->isImaginaryEnabled()) { + if (!$this->configurationManager->isImaginaryEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') { @@ -188,7 +188,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-imaginary') { - if (!$this->configurationManager->isImaginaryEnabled()) { + if (!$this->configurationManager->isImaginaryEnabled) { continue; } } elseif ($value === 'nextcloud-aio-fulltextsearch') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index cf8bf02b..c7df757b 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -91,11 +91,7 @@ readonly class ConfigurationController { $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']); $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']); $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']); - if (isset($request->getParsedBody()['imaginary'])) { - $this->configurationManager->SetImaginaryEnabledState(1); - } else { - $this->configurationManager->SetImaginaryEnabledState(0); - } + $this->configurationManager->isImaginaryEnabled = isset($request->getParsedBody()['imaginary']); if (isset($request->getParsedBody()['fulltextsearch'])) { $this->configurationManager->SetFulltextsearchEnabledState(1); } else { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index bd920a04..65e83524 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -93,6 +93,11 @@ class ConfigurationManager set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); } } + public bool $isImaginaryEnabled { + get => $this->get('isImaginaryEnabled', true); + set { $this->set('isImaginaryEnabled', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -228,21 +233,6 @@ class ConfigurationManager } } - public function isImaginaryEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) { - return false; - } else { - return true; - } - } - - public function SetImaginaryEnabledState(int $value) : void { - $config = $this->GetConfig(); - $config['isImaginaryEnabled'] = $value; - $this->WriteConfig($config); - } - public function isFulltextsearchEnabled() : bool { $config = $this->GetConfig(); if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index ebd1489d..a9f2c29e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -579,7 +579,7 @@ readonly class DockerActionManager { 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), - 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled() ? 'yes' : '', + 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(), From f737d2f598032df2fd2df3ad9c4f7b4319e91d66 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:04:48 +0100 Subject: [PATCH 0960/1064] Make `isFulltextsearchEnabled` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 +-- .../Controller/ConfigurationController.php | 6 +---- php/src/Data/ConfigurationManager.php | 26 +++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 11 insertions(+), 29 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 27b2edad..2b1d6af1 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -125,7 +125,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, - 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(), + 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(), 'nextcloud_mount' => $configurationManager->GetNextcloudMount(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 75d47f83..4ac53258 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -83,7 +83,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') { - if (!$this->configurationManager->isFulltextsearchEnabled()) { + if (!$this->configurationManager->isFulltextsearchEnabled) { continue; } } elseif ($entry['container_name'] === 'nextcloud-aio-docker-socket-proxy') { @@ -192,7 +192,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value === 'nextcloud-aio-fulltextsearch') { - if (!$this->configurationManager->isFulltextsearchEnabled()) { + if (!$this->configurationManager->isFulltextsearchEnabled) { continue; } } elseif ($value === 'nextcloud-aio-docker-socket-proxy') { diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index c7df757b..9688c5e9 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -92,11 +92,7 @@ readonly class ConfigurationController { $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']); $this->configurationManager->isTalkRecordingEnabled = isset($request->getParsedBody()['talk-recording']); $this->configurationManager->isImaginaryEnabled = isset($request->getParsedBody()['imaginary']); - if (isset($request->getParsedBody()['fulltextsearch'])) { - $this->configurationManager->SetFulltextsearchEnabledState(1); - } else { - $this->configurationManager->SetFulltextsearchEnabledState(0); - } + $this->configurationManager->isFulltextsearchEnabled = isset($request->getParsedBody()['fulltextsearch']); $this->configurationManager->isDockerSocketProxyEnabled = isset($request->getParsedBody()['docker-socket-proxy']); $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 65e83524..43680ca9 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -98,6 +98,12 @@ class ConfigurationManager set { $this->set('isImaginaryEnabled', $value); } } + public bool $isFulltextsearchEnabled { + get => $this->get('isFulltextsearchEnabled', false); + // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 + set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -233,26 +239,6 @@ class ConfigurationManager } } - public function isFulltextsearchEnabled() : bool { - $config = $this->GetConfig(); - if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) { - return true; - } else { - return false; - } - } - - public function SetFulltextsearchEnabledState(int $value) : void { - // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 - if ($this->isSeccompDisabled()) { - $value = 0; - } - - $config = $this->GetConfig(); - $config['isFulltextsearchEnabled'] = $value; - $this->WriteConfig($config); - } - /** * @throws InvalidSettingConfigurationException */ diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a9f2c29e..73f4bd9d 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -580,7 +580,7 @@ readonly class DockerActionManager { 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', - 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled() ? 'yes' : '', + 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(), 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(), From 5b0b9ef8263e740fa854be09dc424d53ae1ad9ff Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:06:20 +0100 Subject: [PATCH 0961/1064] Make `domain` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 25 +++++++++++++------------ 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 2b1d6af1..f3e8f940 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -91,7 +91,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ $skip_domain_validation = isset($params['skip_domain_validation']); return $view->render($response, 'containers.twig', [ - 'domain' => $configurationManager->GetDomain(), + 'domain' => $configurationManager->domain, 'apache_port' => $configurationManager->GetApachePort(), 'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(), 'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index ff73e29a..4e6d52b7 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -257,7 +257,7 @@ readonly class DockerController { public function StartDomaincheckContainer() : void { # Don't start if domain is already set - if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked) { + if ($this->configurationManager->domain !== '' || $this->configurationManager->wasStartButtonClicked) { return; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 43680ca9..d276ebb7 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -104,6 +104,11 @@ class ConfigurationManager set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); } } + public string $domain { + get => $this->get('domain', ''); + set { $this->SetDomain($value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -241,6 +246,8 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException + * + * We can't turn this into a private validation method because of the second argument. */ public function SetDomain(string $domain, bool $skipDomainValidation) : void { // Validate that at least one dot is contained @@ -346,25 +353,19 @@ class ConfigurationManager } } - // Write domain $config = $this->GetConfig(); - $config['domain'] = $domain; // Reset the borg restore password when setting the domain $config['borg_restore_password'] = ''; $this->WriteConfig($config); - } - - public function GetDomain() : string { - $config = $this->GetConfig(); - if(!isset($config['domain'])) { - $config['domain'] = ''; - } - - return $config['domain']; + $this->setMultiple(function ($confManager) use ($domain) { + // Write domain + // Don't set the domain via the attribute, or we create a loop. + $confManager->set('domain', $domain); + }); } public function GetBaseDN() : string { - $domain = $this->GetDomain(); + $domain = $this->domain; if ($domain === "") { return ""; } From b4d198f72b14cc52e667bf782d3db51c4fd80c34 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:07:45 +0100 Subject: [PATCH 0962/1064] Make `borg_backup_host_location` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 26 +++++++++++++------------- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index f3e8f940..eb214eff 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -93,7 +93,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->domain, 'apache_port' => $configurationManager->GetApachePort(), - 'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(), + 'borg_backup_host_location' => $configurationManager->borg_backup_host_location, 'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(), 'borg_public_key' => $configurationManager->GetBorgPublicKey(), 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 4ac53258..e8244ddc 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -113,7 +113,7 @@ readonly class ContainerDefinitionFetcher { if (isset($entry['volumes'])) { foreach ($entry['volumes'] as $value) { if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') { - $value['source'] = $this->configurationManager->GetBorgBackupHostLocation(); + $value['source'] = $this->configurationManager->borg_backup_host_location; if($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d276ebb7..1c93f51b 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -109,6 +109,11 @@ class ConfigurationManager set { $this->SetDomain($value); } } + public string $borg_backup_host_location { + get => $this->get('borg_backup_host_location', ''); + set { $this->set('borg_backup_host_location', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -379,9 +384,11 @@ class ConfigurationManager $this->ValidateBorgLocationVars($location, $repo); $config = $this->GetConfig(); - $config['borg_backup_host_location'] = $location; $config['borg_remote_repo'] = $repo; $this->WriteConfig($config); + $this->setMultiple(function ($confManager) use ($location) { + $confManager->borg_backup_host_location = $location; + }); } private function ValidateBorgLocationVars(string $location, string $repo) : void { @@ -428,9 +435,11 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables $config = $this->GetConfig(); - $config['borg_backup_host_location'] = ''; $config['borg_remote_repo'] = ''; $this->WriteConfig($config); + $this->setMultiple(function ($confManager) { + $confManager->borg_backup_host_location = ''; + }); // Also delete the borg config file to be able to start over if (file_exists(DataConst::GetBackupKeyFile())) { @@ -451,12 +460,12 @@ class ConfigurationManager } $config = $this->GetConfig(); - $config['borg_backup_host_location'] = $location; $config['borg_remote_repo'] = $repo; $config['borg_restore_password'] = $password; $this->WriteConfig($config); - $this->setMultiple(function ($confManager) { + $this->setMultiple(function ($confManager) use ($location) { + $confManager->borg_backup_host_location = $location; $confManager->instance_restore_attempt = true; }); } @@ -556,15 +565,6 @@ class ConfigurationManager return $envVariableOutput; } - public function GetBorgBackupHostLocation() : string { - $config = $this->GetConfig(); - if(!isset($config['borg_backup_host_location'])) { - $config['borg_backup_host_location'] = ''; - } - - return $config['borg_backup_host_location']; - } - public function GetBorgRemoteRepo() : string { $config = $this->GetConfig(); if(!isset($config['borg_remote_repo'])) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 73f4bd9d..a3ea0c9b 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -589,7 +589,7 @@ readonly class DockerActionManager { 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(), 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(), 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', - 'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->GetBorgBackupHostLocation(), + 'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->borg_backup_host_location, 'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()), 'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(), 'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(), From a361ab9d20f4cfc4c5c0fc071509756a734bdea1 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:14:39 +0100 Subject: [PATCH 0963/1064] Make `borg_remote_repo` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 24 ++++++++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 12 insertions(+), 16 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index eb214eff..16d274f9 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -94,7 +94,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'domain' => $configurationManager->domain, 'apache_port' => $configurationManager->GetApachePort(), 'borg_backup_host_location' => $configurationManager->borg_backup_host_location, - 'borg_remote_repo' => $configurationManager->GetBorgRemoteRepo(), + 'borg_remote_repo' => $configurationManager->borg_remote_repo, 'borg_public_key' => $configurationManager->GetBorgPublicKey(), 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 1c93f51b..5dea0c6d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -114,6 +114,11 @@ class ConfigurationManager set { $this->set('borg_backup_host_location', $value); } } + public string $borg_remote_repo { + get => $this->get('borg_remote_repo', ''); + set { $this->set('borg_remote_repo', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -384,10 +389,10 @@ class ConfigurationManager $this->ValidateBorgLocationVars($location, $repo); $config = $this->GetConfig(); - $config['borg_remote_repo'] = $repo; $this->WriteConfig($config); - $this->setMultiple(function ($confManager) use ($location) { + $this->setMultiple(function ($confManager) use ($location, $repo) { $confManager->borg_backup_host_location = $location; + $confManager->borg_remote_repo = $repo; }); } @@ -435,10 +440,10 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables $config = $this->GetConfig(); - $config['borg_remote_repo'] = ''; $this->WriteConfig($config); $this->setMultiple(function ($confManager) { $confManager->borg_backup_host_location = ''; + $confManager->borg_remote_repo = ''; }); // Also delete the borg config file to be able to start over @@ -460,12 +465,12 @@ class ConfigurationManager } $config = $this->GetConfig(); - $config['borg_remote_repo'] = $repo; $config['borg_restore_password'] = $password; $this->WriteConfig($config); - $this->setMultiple(function ($confManager) use ($location) { + $this->setMultiple(function ($confManager) use ($location, $repo) { $confManager->borg_backup_host_location = $location; + $confManager->borg_remote_repo = $repo; $confManager->instance_restore_attempt = true; }); } @@ -565,15 +570,6 @@ class ConfigurationManager return $envVariableOutput; } - public function GetBorgRemoteRepo() : string { - $config = $this->GetConfig(); - if(!isset($config['borg_remote_repo'])) { - $config['borg_remote_repo'] = ''; - } - - return $config['borg_remote_repo']; - } - public function GetBorgPublicKey() : string { if (!file_exists(DataConst::GetBackupPublicKey())) { return ""; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a3ea0c9b..876dd805 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -560,7 +560,7 @@ readonly class DockerActionManager { 'NC_DOMAIN' => $this->configurationManager->GetDomain(), 'NC_BASE_DN' => $this->configurationManager->GetBaseDN(), 'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN, - 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->GetBorgRemoteRepo(), + 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->borg_remote_repo, 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), 'AIO_URL' => $this->configurationManager->AIO_URL, 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '', From 6033a4486c147eab303ba9f8120ab4663e348084 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:16:30 +0100 Subject: [PATCH 0964/1064] Make `borg_restore_password` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 23 +++++++++-------------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 16d274f9..05c39f76 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -114,7 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled, 'is_talk_enabled' => $configurationManager->isTalkEnabled, - 'borg_restore_password' => $configurationManager->GetBorgRestorePassword(), + 'borg_restore_password' => $configurationManager->borg_restore_password, 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), 'timezone' => $configurationManager->GetTimezone(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 5dea0c6d..2091ddb5 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -119,6 +119,11 @@ class ConfigurationManager set { $this->set('borg_remote_repo', $value); } } + public string $borg_restore_password { + get => $this->get('borg_restore_password', ''); + set { $this->set('borg_restore_password', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -364,13 +369,13 @@ class ConfigurationManager } $config = $this->GetConfig(); - // Reset the borg restore password when setting the domain - $config['borg_restore_password'] = ''; $this->WriteConfig($config); $this->setMultiple(function ($confManager) use ($domain) { // Write domain // Don't set the domain via the attribute, or we create a loop. $confManager->set('domain', $domain); + // Reset the borg restore password when setting the domain + $confManager->borg_restore_password = ''; }); } @@ -465,12 +470,11 @@ class ConfigurationManager } $config = $this->GetConfig(); - $config['borg_restore_password'] = $password; $this->WriteConfig($config); - - $this->setMultiple(function ($confManager) use ($location, $repo) { + $this->setMultiple(function ($confManager) use ($location, $repo, $password) { $confManager->borg_backup_host_location = $location; $confManager->borg_remote_repo = $repo; + $confManager->borg_restore_password = $password; $confManager->instance_restore_attempt = true; }); } @@ -578,15 +582,6 @@ class ConfigurationManager return trim((string)file_get_contents(DataConst::GetBackupPublicKey())); } - public function GetBorgRestorePassword() : string { - $config = $this->GetConfig(); - if(!isset($config['borg_restore_password'])) { - $config['borg_restore_password'] = ''; - } - - return $config['borg_restore_password']; - } - public function GetNextcloudMount() : string { $envVariableName = 'NEXTCLOUD_MOUNT'; $configName = 'nextcloud_mount'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 876dd805..8b9720fb 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -570,7 +570,7 @@ readonly class DockerActionManager { 'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(), 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), - 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->GetBorgRestorePassword(), + 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password, 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', From 6e5237cd205f0dc6ef069b6026f43a77028d00e7 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:17:25 +0100 Subject: [PATCH 0965/1064] Make `timezone` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- .../Controller/ConfigurationController.php | 4 +-- php/src/Data/ConfigurationManager.php | 36 +++++++++---------- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 05c39f76..130d34d5 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -117,7 +117,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'borg_restore_password' => $configurationManager->borg_restore_password, 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), - 'timezone' => $configurationManager->GetTimezone(), + 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), 'talk_port' => $configurationManager->GetTalkPort(), 'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(), diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 9688c5e9..58337ef4 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -67,12 +67,12 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_timezone'])) { - $this->configurationManager->DeleteTimezone(); + $this->configurationManager->deleteTimezone(); } if (isset($request->getParsedBody()['timezone'])) { $timezone = $request->getParsedBody()['timezone'] ?? ''; - $this->configurationManager->SetTimezone($timezone); + $this->configurationManager->timezone = $timezone; } if (isset($request->getParsedBody()['options-form'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2091ddb5..119e81ce 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -124,6 +124,18 @@ class ConfigurationManager set { $this->set('borg_restore_password', $value); } } + /** + * @throws InvalidSettingConfigurationException + */ + public string $timezone { + get => $this->get('timezone', ''); + set { + // This throws an exception if the validation fails. + $this->validateTimezone($value); + $this->set('timezone', $value); + } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -784,19 +796,10 @@ class ConfigurationManager return false; } - public function GetTimezone() : string { - $config = $this->GetConfig(); - if(!isset($config['timezone'])) { - $config['timezone'] = ''; - } - - return $config['timezone']; - } - /** * @throws InvalidSettingConfigurationException */ - public function SetTimezone(string $timezone) : void { + private function validateTimezone(string $timezone) : void { if ($timezone === "") { throw new InvalidSettingConfigurationException("The timezone must not be empty!"); } @@ -804,16 +807,13 @@ class ConfigurationManager if (!preg_match("#^[a-zA-Z0-9_\-\/\+]+$#", $timezone)) { throw new InvalidSettingConfigurationException("The entered timezone does not seem to be a valid timezone!"); } - - $config = $this->GetConfig(); - $config['timezone'] = $timezone; - $this->WriteConfig($config); } - public function DeleteTimezone() : void { - $config = $this->GetConfig(); - $config['timezone'] = ''; - $this->WriteConfig($config); + /** + * Provide an extra method since our `timezone` attribute setter prevents setting an empty timezone. + */ + public function deleteTimezone() : void { + $this->set('timezone', ''); } public function shouldDomainValidationBeSkipped(bool $skipDomainValidation) : bool { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 8b9720fb..ae8e9c83 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -577,7 +577,7 @@ readonly class DockerActionManager { 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '', 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', - 'TIMEZONE' => $this->configurationManager->GetTimezone() === '' ? 'Etc/UTC' : $this->configurationManager->GetTimezone(), + 'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone, 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', From ca35006a8595e6abbb0d6313b819ae98b8ea2068 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:18:45 +0100 Subject: [PATCH 0966/1064] Make `collabora_dictionaries` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- .../Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 34 +++++++++---------- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 130d34d5..dc0151e2 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -120,7 +120,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), 'talk_port' => $configurationManager->GetTalkPort(), - 'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(), + 'collabora_dictionaries' => $configurationManager->collabora_dictionaries, 'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(), 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 58337ef4..4a36ce5c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -117,7 +117,7 @@ readonly class ConfigurationController { if (isset($request->getParsedBody()['collabora_dictionaries'])) { $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? ''; - $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries); + $this->configurationManager->collabora_dictionaries = $collaboraDictionaries; } if (isset($request->getParsedBody()['delete_collabora_additional_options'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 119e81ce..9f037ec4 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -136,6 +136,18 @@ class ConfigurationManager } } + /** + * @throws InvalidSettingConfigurationException + */ + public string $collabora_dictionaries { + get => $this->get('collabora_dictionaries', ''); + set { + // This throws an exception if the validation fails. + $this->validateCollaboraDictionaries($value); + $this->set('collabora_dictionaries', $value); + } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -831,19 +843,10 @@ class ConfigurationManager return 'deck twofactor_totp tasks calendar contacts notes'; } - public function GetCollaboraDictionaries() : string { - $config = $this->GetConfig(); - if(!isset($config['collabora_dictionaries'])) { - $config['collabora_dictionaries'] = ''; - } - - return $config['collabora_dictionaries']; - } - /** * @throws InvalidSettingConfigurationException */ - public function SetCollaboraDictionaries(string $CollaboraDictionaries) : void { + private function validateCollaboraDictionaries(string $CollaboraDictionaries) : void { if ($CollaboraDictionaries === "") { throw new InvalidSettingConfigurationException("The dictionaries must not be empty!"); } @@ -851,16 +854,13 @@ class ConfigurationManager if (!preg_match("#^[a-zA-Z_ ]+$#", $CollaboraDictionaries)) { throw new InvalidSettingConfigurationException("The entered dictionaries do not seem to be a valid!"); } - - $config = $this->GetConfig(); - $config['collabora_dictionaries'] = $CollaboraDictionaries; - $this->WriteConfig($config); } + /** + * Provide an extra method since the corresponding attribute setter prevents setting an empty value. + */ public function DeleteCollaboraDictionaries() : void { - $config = $this->GetConfig(); - $config['collabora_dictionaries'] = ''; - $this->WriteConfig($config); + $this->set('collabora_dictionaries', ''); } /** diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index ae8e9c83..3bbc37f1 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -578,7 +578,7 @@ readonly class DockerActionManager { 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', 'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone, - 'COLLABORA_DICTIONARIES' => $this->configurationManager->GetCollaboraDictionaries() === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->GetCollaboraDictionaries(), + 'COLLABORA_DICTIONARIES' => $this->configurationManager->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->collabora_dictionaries, 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', From 228440f2a8905aab4a2db54faa70fc8565776ffd Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:21:23 +0100 Subject: [PATCH 0967/1064] Make `collabora_additional_options` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- .../Controller/ConfigurationController.php | 4 +- php/src/Data/ConfigurationManager.php | 38 +++++++++---------- php/src/Docker/DockerActionManager.php | 4 +- 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index dc0151e2..83d1d878 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -121,7 +121,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), 'talk_port' => $configurationManager->GetTalkPort(), 'collabora_dictionaries' => $configurationManager->collabora_dictionaries, - 'collabora_additional_options' => $configurationManager->GetAdditionalCollaboraOptions(), + 'collabora_additional_options' => $configurationManager->collabora_additional_options, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 4a36ce5c..3147fda4 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -121,12 +121,12 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_collabora_additional_options'])) { - $this->configurationManager->DeleteAdditionalCollaboraOptions(); + $this->configurationManager->deleteAdditionalCollaboraOptions(); } if (isset($request->getParsedBody()['collabora_additional_options'])) { $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? ''; - $this->configurationManager->SetAdditionalCollaboraOptions($additionalCollaboraOptions); + $this->configurationManager->collabora_additional_options = $additionalCollaboraOptions; } if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 9f037ec4..3c176556 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -148,6 +148,18 @@ class ConfigurationManager } } + /** + * @throws InvalidSettingConfigurationException + */ + public string $collabora_additional_options { + get => $this->get('collabora_additional_options', ''); + set { + // This throws an exception if the validation fails. + $this->validateCollaboraAdditionalOptions($value); + $this->set('collabora_additional_options', $value); + } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -866,7 +878,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function SetAdditionalCollaboraOptions(string $additionalCollaboraOptions) : void { + private function validateCollaboraAdditionalOptions(string $additionalCollaboraOptions) : void { if ($additionalCollaboraOptions === "") { throw new InvalidSettingConfigurationException("The additional options must not be empty!"); } @@ -874,32 +886,20 @@ class ConfigurationManager if (!preg_match("#^--o:#", $additionalCollaboraOptions)) { throw new InvalidSettingConfigurationException("The entered options must start with '--o:'. So the config does not seem to be a valid!"); } - - $config = $this->GetConfig(); - $config['collabora_additional_options'] = $additionalCollaboraOptions; - $this->WriteConfig($config); - } - - public function GetAdditionalCollaboraOptions() : string { - $config = $this->GetConfig(); - if(!isset($config['collabora_additional_options'])) { - $config['collabora_additional_options'] = ''; - } - - return $config['collabora_additional_options']; } public function isCollaboraSubscriptionEnabled() : bool { - if (str_contains($this->GetAdditionalCollaboraOptions(), '--o:support_key=')) { + if (str_contains($this->collabora_additional_options, '--o:support_key=')) { return true; } return false; } - public function DeleteAdditionalCollaboraOptions() : void { - $config = $this->GetConfig(); - $config['collabora_additional_options'] = ''; - $this->WriteConfig($config); + /** + * Provide an extra method since the corresponding attribute setter prevents setting an empty value. + */ + public function deleteAdditionalCollaboraOptions() : void { + $this->set('collabora_additional_options', ''); } public function GetApacheAdditionalNetwork() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 3bbc37f1..6afa46fe 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -427,8 +427,8 @@ readonly class DockerActionManager { } // Additional Collabora options - if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') { - $requestBody['Cmd'] = [$this->configurationManager->GetAdditionalCollaboraOptions()]; + if ($this->configurationManager->collabora_additional_options !== '') { + $requestBody['Cmd'] = [$this->configurationManager->collabora_additional_options]; } } From 6c04cd055f363dc52d4e1bcac7a317f428246ebb Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 15:44:22 +0100 Subject: [PATCH 0968/1064] Make `aio_community_containers` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- .../Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 26 ++++--------------- php/src/Docker/DockerActionManager.php | 2 +- 5 files changed, 9 insertions(+), 25 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 83d1d878..2d3e4f03 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -138,7 +138,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, 'community_containers' => $configurationManager->listAvailableCommunityContainers(), - 'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(), + 'community_containers_enabled' => $configurationManager->aio_community_containers, 'bypass_container_update' => $bypass_container_update, ]); })->setName('profile'); diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index e8244ddc..6f96d480 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -41,7 +41,7 @@ readonly class ContainerDefinitionFetcher { $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR); $additionalContainerNames = []; - foreach ($this->configurationManager->GetEnabledCommunityContainers() as $communityContainer) { + foreach ($this->configurationManager->aio_community_containers as $communityContainer) { if ($communityContainer !== '') { $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json'; $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR); diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 3147fda4..a1132981 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -108,7 +108,7 @@ readonly class ConfigurationController { $enabledCC[] = $item; } } - $this->configurationManager->SetEnabledCommunityContainers($enabledCC); + $this->configurationManager->aio_community_containers = $enabledCC; } if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 3c176556..72f69086 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -160,6 +160,11 @@ class ConfigurationManager } } + public array $aio_community_containers { + get => explode(' ', $this->get('aio_community_containers', '')); + set { $this->set('aio_community_containers', implode(' ', $value)); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -931,16 +936,6 @@ class ConfigurationManager } } - private function GetCommunityContainers() : string { - $config = $this->GetConfig(); - if(!isset($config['aio_community_containers'])) { - $config['aio_community_containers'] = ''; - } - - return $config['aio_community_containers']; - } - - public function listAvailableCommunityContainers() : array { $cc = []; $dir = scandir(DataConst::GetCommunityContainersDirectory()); @@ -976,17 +971,6 @@ class ConfigurationManager return $cc; } - /** @return list */ - public function GetEnabledCommunityContainers(): array { - return explode(' ', $this->GetCommunityContainers()); - } - - public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void { - $config = $this->GetConfig(); - $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers); - $this->WriteConfig($config); - } - private function GetEnabledDriDevice() : string { $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE'; $configName = 'nextcloud_enable_dri_device'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 6afa46fe..08cbf9b1 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -600,7 +600,7 @@ readonly class DockerActionManager { // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), // Allow to get local ip-address of caddy container and add it to trusted proxies automatically - 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '', + 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '', default => $this->configurationManager->GetRegisteredSecret($placeholder), }; From 0a22384cd90127a14f11dc55b1e73c83daf485c4 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 12:23:22 +0100 Subject: [PATCH 0969/1064] Make `turn_domain` an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 14 +++++--------- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 72f69086..9362815a 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -165,6 +165,11 @@ class ConfigurationManager set { $this->set('aio_community_containers', implode(' ', $value)); } } + public string $turn_domain { + get => $this->get('turn_domain', ''); + set { $this->set('turn_domain', $value); } + } + public function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -562,15 +567,6 @@ class ConfigurationManager return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } - public function GetTurnDomain() : string { - $config = $this->GetConfig(); - if(!isset($config['turn_domain'])) { - $config['turn_domain'] = ''; - } - - return $config['turn_domain']; - } - /** * @throws InvalidSettingConfigurationException */ diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 08cbf9b1..367b7eb4 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -568,7 +568,7 @@ readonly class DockerActionManager { 'APACHE_PORT' => $this->configurationManager->GetApachePort(), 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), 'TALK_PORT' => $this->configurationManager->GetTalkPort(), - 'TURN_DOMAIN' => $this->configurationManager->GetTurnDomain(), + 'TURN_DOMAIN' => $this->configurationManager->turn_domain, 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password, 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', From 4e373cb2f8a0be7e809f0a6d2cdc3700e5b8abf2 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:45:00 +0100 Subject: [PATCH 0970/1064] Make `apache_ip_binding` an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 12 +++++------- php/src/Docker/DockerActionManager.php | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 9362815a..7182602e 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -124,6 +124,11 @@ class ConfigurationManager set { $this->set('borg_restore_password', $value); } } + public string $apache_ip_binding { + get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', ''); + set { $this->set('apache_ip_binding', $value); } + } + /** * @throws InvalidSettingConfigurationException */ @@ -910,13 +915,6 @@ class ConfigurationManager return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } - public function GetApacheIPBinding() : string { - $envVariableName = 'APACHE_IP_BINDING'; - $configName = 'apache_ip_binding'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); - } - private function GetDisableBackupSection() : string { $envVariableName = 'AIO_DISABLE_BACKUP_SECTION'; $configName = 'disable_backup_section'; diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 367b7eb4..b1bf847e 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -297,7 +297,7 @@ readonly class DockerActionManager { } $ipBinding = $value->ipBinding; if ($ipBinding === '%APACHE_IP_BINDING%') { - $ipBinding = $this->configurationManager->GetApacheIPBinding(); + $ipBinding = $this->configurationManager->apache_ip_binding; // Do not expose if AIO is in internal network mode if ($ipBinding === '@INTERNAL') { continue; @@ -566,7 +566,7 @@ readonly class DockerActionManager { 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '', 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, 'APACHE_PORT' => $this->configurationManager->GetApachePort(), - 'APACHE_IP_BINDING' => $this->configurationManager->GetApacheIPBinding(), + 'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding, 'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TURN_DOMAIN' => $this->configurationManager->turn_domain, 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), From dc28eb67372be8bc6848eb17c27673c1ae382bb4 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:47:45 +0100 Subject: [PATCH 0971/1064] Make `apache_port` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 10 ++++------ php/src/Docker/DockerActionManager.php | 8 ++++---- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 2d3e4f03..27364a98 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -92,7 +92,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->domain, - 'apache_port' => $configurationManager->GetApachePort(), + 'apache_port' => $configurationManager->apache_port, 'borg_backup_host_location' => $configurationManager->borg_backup_host_location, 'borg_remote_repo' => $configurationManager->borg_remote_repo, 'borg_public_key' => $configurationManager->GetBorgPublicKey(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 7182602e..aaef8e08 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -363,7 +363,7 @@ class ConfigurationManager } // Get the apache port - $port = $this->GetApachePort(); + $port = $this->apache_port; if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { if ($port === '443') { @@ -558,11 +558,9 @@ class ConfigurationManager $this->set('password', $newPassword); } - public function GetApachePort() : string { - $envVariableName = 'APACHE_PORT'; - $configName = 'apache_port'; - $defaultValue = '443'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $apache_port { + get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); + set { $this->set('apache_port', $value); } } public function GetTalkPort() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index b1bf847e..0db11ade 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -115,7 +115,7 @@ readonly class DockerActionManager { $containerName = $container->identifier; $internalPort = $container->internalPorts; if ($internalPort === '%APACHE_PORT%') { - $internalPort = $this->configurationManager->GetApachePort(); + $internalPort = $this->configurationManager->apache_port; } elseif ($internalPort === '%TALK_PORT%') { $internalPort = $this->configurationManager->GetTalkPort(); } @@ -261,7 +261,7 @@ readonly class DockerActionManager { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { - $port = $this->configurationManager->GetApachePort(); + $port = $this->configurationManager->apache_port; // Do not expose udp if AIO is in reverse proxy mode if ($port !== '443' && $protocol === 'udp') { continue; @@ -283,7 +283,7 @@ readonly class DockerActionManager { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { - $port = $this->configurationManager->GetApachePort(); + $port = $this->configurationManager->apache_port; // Do not expose udp if AIO is in reverse proxy mode if ($port !== '443' && $protocol === 'udp') { continue; @@ -565,7 +565,7 @@ readonly class DockerActionManager { 'AIO_URL' => $this->configurationManager->AIO_URL, 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '', 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, - 'APACHE_PORT' => $this->configurationManager->GetApachePort(), + 'APACHE_PORT' => $this->configurationManager->apache_port, 'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding, 'TALK_PORT' => $this->configurationManager->GetTalkPort(), 'TURN_DOMAIN' => $this->configurationManager->turn_domain, From 96c9c1a6f91befbba4150d9312bc00173044ade9 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:52:24 +0100 Subject: [PATCH 0972/1064] Make `talk_port` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 10 ++++------ php/src/Docker/DockerActionManager.php | 8 ++++---- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 27364a98..718ad0ca 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -119,7 +119,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), - 'talk_port' => $configurationManager->GetTalkPort(), + 'talk_port' => $configurationManager->talk_port, 'collabora_dictionaries' => $configurationManager->collabora_dictionaries, 'collabora_additional_options' => $configurationManager->collabora_additional_options, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index aaef8e08..fca733e9 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -562,12 +562,10 @@ class ConfigurationManager get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); set { $this->set('apache_port', $value); } } - - public function GetTalkPort() : string { - $envVariableName = 'TALK_PORT'; - $configName = 'talk_port'; - $defaultValue = '3478'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + + public string $talk_port { + get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); + set { $this->set('talk_port', $value); } } /** diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 0db11ade..8cfbe399 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -117,7 +117,7 @@ readonly class DockerActionManager { if ($internalPort === '%APACHE_PORT%') { $internalPort = $this->configurationManager->apache_port; } elseif ($internalPort === '%TALK_PORT%') { - $internalPort = $this->configurationManager->GetTalkPort(); + $internalPort = $this->configurationManager->talk_port; } if ($internalPort !== "" && $internalPort !== 'host') { @@ -267,7 +267,7 @@ readonly class DockerActionManager { continue; } } else if ($port === '%TALK_PORT%') { - $port = $this->configurationManager->GetTalkPort(); + $port = $this->configurationManager->talk_port; } $portWithProtocol = $port . '/' . $protocol; $exposedPorts[$portWithProtocol] = null; @@ -289,7 +289,7 @@ readonly class DockerActionManager { continue; } } else if ($port === '%TALK_PORT%') { - $port = $this->configurationManager->GetTalkPort(); + $port = $this->configurationManager->talk_port; // Skip publishing talk tcp port if it is set to 443 if ($port === '443' && $protocol === 'tcp') { continue; @@ -567,7 +567,7 @@ readonly class DockerActionManager { 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, 'APACHE_PORT' => $this->configurationManager->apache_port, 'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding, - 'TALK_PORT' => $this->configurationManager->GetTalkPort(), + 'TALK_PORT' => $this->configurationManager->talk_port, 'TURN_DOMAIN' => $this->configurationManager->turn_domain, 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password, From 903aed1e34797c0fcaaa6bde13fe83b9cd77000f Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:54:14 +0100 Subject: [PATCH 0973/1064] Make `nextcloud_upload_limit` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 11 ++++------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 718ad0ca..b14bb449 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -129,7 +129,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(), 'nextcloud_mount' => $configurationManager->GetNextcloudMount(), - 'nextcloud_upload_limit' => $configurationManager->GetNextcloudUploadLimit(), + 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(), 'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(), 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index fca733e9..f9525c09 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -634,13 +634,10 @@ class ConfigurationManager return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); } - public function GetNextcloudUploadLimit() : string { - $envVariableName = 'NEXTCLOUD_UPLOAD_LIMIT'; - $configName = 'nextcloud_upload_limit'; - $defaultValue = '16G'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $nextcloud_upload_limit { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); + set { $this->set('nextcloud_upload_limit', $value); } } - public function GetNextcloudMemoryLimit() : string { $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT'; $configName = 'nextcloud_memory_limit'; @@ -649,7 +646,7 @@ class ConfigurationManager } public function GetApacheMaxSize() : int { - $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G'); + $uploadLimit = (int)rtrim($this->nextcloud_upload_limit, 'G'); return $uploadLimit * 1024 * 1024 * 1024; } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 8cfbe399..d42678a7 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -582,7 +582,7 @@ readonly class DockerActionManager { 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', - 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->GetNextcloudUploadLimit(), + 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit, 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(), 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(), 'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(), From 4de73dd75b865b6e5a1e0488ca0e92d30efbbbd8 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:53:22 +0100 Subject: [PATCH 0974/1064] Make `nextcloud_mount` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- php/src/Data/ConfigurationManager.php | 8 +++----- php/src/Docker/DockerActionManager.php | 6 +++--- 4 files changed, 9 insertions(+), 11 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index b14bb449..a87449fc 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -128,7 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(), - 'nextcloud_mount' => $configurationManager->GetNextcloudMount(), + 'nextcloud_mount' => $configurationManager->nextcloud_mount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(), 'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 6f96d480..c81989f2 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -119,7 +119,7 @@ readonly class ContainerDefinitionFetcher { } } if($value['source'] === '%NEXTCLOUD_MOUNT%') { - $value['source'] = $this->configurationManager->GetNextcloudMount(); + $value['source'] = $this->configurationManager->nextcloud_mount; if($value['source'] === '') { continue; } @@ -140,7 +140,7 @@ readonly class ContainerDefinitionFetcher { } } if ($value['destination'] === '%NEXTCLOUD_MOUNT%') { - $value['destination'] = $this->configurationManager->GetNextcloudMount(); + $value['destination'] = $this->configurationManager->nextcloud_mount; if($value['destination'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index f9525c09..da823439 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -620,11 +620,9 @@ class ConfigurationManager return trim((string)file_get_contents(DataConst::GetBackupPublicKey())); } - public function GetNextcloudMount() : string { - $envVariableName = 'NEXTCLOUD_MOUNT'; - $configName = 'nextcloud_mount'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $nextcloud_mount { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); + set { $this->set('nextcloud_mount', $value); } } public function GetNextcloudDatadirMount() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index d42678a7..7ab3bc23 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -205,7 +205,7 @@ readonly class DockerActionManager { foreach ($container->volumes->GetVolumes() as $volume) { // // NEXTCLOUD_MOUNT gets added via bind-mount later on // if ($container->identifier === 'nextcloud-aio-nextcloud') { - // if ($volume->name === $this->configurationManager->GetNextcloudMount()) { + // if ($volume->name === $this->configurationManager->nextcloud_mount) { // continue; // } // } @@ -408,7 +408,7 @@ readonly class DockerActionManager { // // Special things for the nextcloud container which should not be exposed in the containers.json // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') { // foreach ($container->volumes->GetVolumes() as $volume) { - // if ($volume->name !== $this->configurationManager->GetNextcloudMount()) { + // if ($volume->name !== $this->configurationManager->nextcloud_mount) { // continue; // } // $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]]; @@ -569,7 +569,7 @@ readonly class DockerActionManager { 'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding, 'TALK_PORT' => $this->configurationManager->talk_port, 'TURN_DOMAIN' => $this->configurationManager->turn_domain, - 'NEXTCLOUD_MOUNT' => $this->configurationManager->GetNextcloudMount(), + 'NEXTCLOUD_MOUNT' => $this->configurationManager->nextcloud_mount, 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password, 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '', From 3e19fa66d0271eb3b656a0aebab90e17383f6406 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:51:30 +0100 Subject: [PATCH 0975/1064] Make `nextcloud_datadir_mount` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 13 ++++++------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index a87449fc..e312a7df 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -127,7 +127,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), - 'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(), + 'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount, 'nextcloud_mount' => $configurationManager->nextcloud_mount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index c81989f2..22309da8 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -124,7 +124,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') { - $value['source'] = $this->configurationManager->GetNextcloudDatadirMount(); + $value['source'] = $this->configurationManager->nextcloud_datadir_mount; if ($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index da823439..b2dd40fb 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -473,8 +473,8 @@ class ConfigurationManager // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore // See https://github.com/nextcloud/all-in-one/issues/6607 - if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) { - throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount()); + if (str_starts_with($location . '/', rtrim($this->nextcloud_datadir_mount, '/') . '/')) { + throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloud_datadir_mount); } } else { @@ -625,11 +625,10 @@ class ConfigurationManager set { $this->set('nextcloud_mount', $value); } } - public function GetNextcloudDatadirMount() : string { - $envVariableName = 'NEXTCLOUD_DATADIR'; - $configName = 'nextcloud_datadir'; - $defaultValue = 'nextcloud_aio_nextcloud_data'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + + public string $nextcloud_datadir_mount { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); + set { $this->set('nextcloud_datadir_mount', $value); } } public string $nextcloud_upload_limit { From c1f8ac6989e9a0064c6012546f0f6060fccac190 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:54:54 +0100 Subject: [PATCH 0976/1064] Make `nextcloud_memory_limit` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 9 ++++----- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index e312a7df..7bace4ac 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -131,7 +131,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_mount' => $configurationManager->nextcloud_mount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(), - 'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(), + 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index b2dd40fb..c466bb3c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -635,11 +635,10 @@ class ConfigurationManager get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); set { $this->set('nextcloud_upload_limit', $value); } } - public function GetNextcloudMemoryLimit() : string { - $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT'; - $configName = 'nextcloud_memory_limit'; - $defaultValue = '512M'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + + public string $nextcloud_memory_limit { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); + set { $this->set('nextcloud_memory_limit', $value); } } public function GetApacheMaxSize() : int { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 7ab3bc23..ee3cee60 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -583,7 +583,7 @@ readonly class DockerActionManager { 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit, - 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->GetNextcloudMemoryLimit(), + 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit, 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(), 'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(), 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(), From 367e847cc813a674c8977c3b0e7e635588838dda Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 12:55:58 +0100 Subject: [PATCH 0977/1064] Make `nextcloud_max_time` an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 8 +++----- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 7bace4ac..d4f4799f 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -130,7 +130,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount, 'nextcloud_mount' => $configurationManager->nextcloud_mount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, - 'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(), + 'nextcloud_max_time' => $configurationManager->nextcloud_max_time, 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index c466bb3c..44c8cc62 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -646,11 +646,9 @@ class ConfigurationManager return $uploadLimit * 1024 * 1024 * 1024; } - public function GetNextcloudMaxTime() : string { - $envVariableName = 'NEXTCLOUD_MAX_TIME'; - $configName = 'nextcloud_max_time'; - $defaultValue = '3600'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $nextcloud_max_time { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); + set { $this->set('nextcloud_max_time', $value); } } public function GetBorgRetentionPolicy() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index ee3cee60..b14e31db 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -584,7 +584,7 @@ readonly class DockerActionManager { 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit, 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit, - 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->GetNextcloudMaxTime(), + 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->nextcloud_max_time, 'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(), 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(), 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(), From f1ffd0771ce86e253e40e16ef4996fe16a960c76 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 14:28:15 +0100 Subject: [PATCH 0978/1064] Privatize GetConfig() and WriteConfig() Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 44c8cc62..e172d19b 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -175,7 +175,7 @@ class ConfigurationManager set { $this->set('turn_domain', $value); } } - public function GetConfig() : array + private function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) { @@ -571,10 +571,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function WriteConfig(?array $config) : void { - if ($config) { - $this->config = $config; - } + private function WriteConfig() : void { if(!is_dir(DataConst::GetDataDirectory())) { throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!"); } From c997332e47e26473536fbffa5e6881293814f369 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 18:28:58 +0100 Subject: [PATCH 0979/1064] Remove residue code Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 9 --------- 1 file changed, 9 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e172d19b..b30e6fc3 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -419,8 +419,6 @@ class ConfigurationManager } } - $config = $this->GetConfig(); - $this->WriteConfig($config); $this->setMultiple(function ($confManager) use ($domain) { // Write domain // Don't set the domain via the attribute, or we create a loop. @@ -443,9 +441,6 @@ class ConfigurationManager */ public function SetBorgLocationVars(string $location, string $repo) : void { $this->ValidateBorgLocationVars($location, $repo); - - $config = $this->GetConfig(); - $this->WriteConfig($config); $this->setMultiple(function ($confManager) use ($location, $repo) { $confManager->borg_backup_host_location = $location; $confManager->borg_remote_repo = $repo; @@ -495,8 +490,6 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables - $config = $this->GetConfig(); - $this->WriteConfig($config); $this->setMultiple(function ($confManager) { $confManager->borg_backup_host_location = ''; $confManager->borg_remote_repo = ''; @@ -520,8 +513,6 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter the password!"); } - $config = $this->GetConfig(); - $this->WriteConfig($config); $this->setMultiple(function ($confManager) use ($location, $repo, $password) { $confManager->borg_backup_host_location = $location; $confManager->borg_remote_repo = $repo; From 9c9ad02f8a830f210494ea141fbcf400bb87fbd7 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 16:31:29 +0100 Subject: [PATCH 0980/1064] Set multiple attributes at once Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 27 +++++++++++++++---------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 4e6d52b7..f1c5400d 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -123,9 +123,11 @@ readonly class DockerController { } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { - $this->configurationManager->backupMode = 'restore'; - $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; - $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); + $this->configurationManager->setMultiple(function ($confManager) use ($request) { + $confManager->backupMode = 'restore'; + $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; + $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); + }); $id = self::TOP_CONTAINER; $forceStopNextcloud = true; @@ -150,8 +152,10 @@ readonly class DockerController { } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { - $this->configurationManager->backupMode = 'test'; - $this->configurationManager->instance_restore_attempt = false; + $this->configurationManager->setMultiple(function ($confManager) { + $confManager->backupMode = 'test'; + $confManager->instance_restore_attempt = false; + }); $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id); @@ -173,12 +177,13 @@ readonly class DockerController { $port = 443; } - $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); - // set AIO_URL - $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; - // set wasStartButtonClicked - $this->configurationManager->wasStartButtonClicked = true; - + $this->configurationManager->setMultiple(function ($confManager) use ($request, $host, $port, $path) { + $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); + // set AIO_URL + $confManager->AIO_URL = $host . ':' . (string)$port . $path; + // set wasStartButtonClicked + $confManager->wasStartButtonClicked = true; + }); // Do not pull container images in case 'bypass_container_update' is set via url params // Needed for local testing $pullImage = !isset($request->getParsedBody()['bypass_container_update']); From 844831a899fd075adcd820b307faac0c81b20eb8 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 09:27:43 +0100 Subject: [PATCH 0981/1064] Move handling ENV-var replacement into ConfigurationManger It's the more appropriate place to have this code, and we had to touch it anyways to make it assign the values to the attributes. Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 93 ++++++++++++++++++++++++++ php/src/Docker/DockerActionManager.php | 88 +----------------------- 2 files changed, 95 insertions(+), 86 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index b30e6fc3..2cbae5cc 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -980,4 +980,97 @@ class ConfigurationManager return true; } } + + public function setAioVariables(array $input) : void { + if ($input === []) { + return; + } + $this->setMultiple(function($confManager) use ($input) { + foreach ($input as $variable) { + $keyWithValue = $confManager->replaceEnvPlaceholders($variable); + [$key, $value] = explode('=', $keyWithValue, 2); + // Set if there's an attribute corresponding to the key. + if (isset($key, $confManager->$key)) { + $confManager->$key = $value; + } + } + }); + } + + // + // Replaces placeholders in $envValue with their values. + // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000" + public function replaceEnvPlaceholders(string $envValue): string { + // $pattern breaks down as: + // % - matches a literal percent sign + // ([^%]+) - capture group that matches one or more characters that are NOT percent signs + // % - matches the closing percent sign + // + // Assumes literal percent signs are always matched and there is no + // escaping. + $pattern = '/%([^%]+)%/'; + $matchCount = preg_match_all($pattern, $envValue, $matches); + + if ($matchCount === 0) { + return $envValue; + } + + $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] + $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] + $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...] + $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"] + // Guaranteed to be non-null because we found the placeholders in the preg_match_all. + return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); + } + + private function getPlaceholderValue(string $placeholder) : string { + return match ($placeholder) { + 'NC_DOMAIN' => $this->domain, + 'NC_BASE_DN' => $this->GetBaseDN(), + 'AIO_TOKEN' => $this->AIO_TOKEN, + 'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo, + 'BORGBACKUP_MODE' => $this->backupMode, + 'AIO_URL' => $this->AIO_URL, + 'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime, + 'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '', + 'APACHE_PORT' => $this->apache_port, + 'APACHE_IP_BINDING' => $this->apache_ip_binding, + 'TALK_PORT' => $this->talk_port, + 'TURN_DOMAIN' => $this->turn_domain, + 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, + 'BACKUP_RESTORE_PASSWORD' => $this->borg_restore_password, + 'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '', + 'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '', + 'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '', + 'COLLABORA_ENABLED' => $this->isCollaboraEnabled ? 'yes' : '', + 'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '', + 'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '', + 'TIMEZONE' => $this->timezone === '' ? 'Etc/UTC' : $this->timezone, + 'COLLABORA_DICTIONARIES' => $this->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collabora_dictionaries, + 'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '', + 'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '', + 'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '', + 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit, + 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit, + 'NEXTCLOUD_MAX_TIME' => $this->nextcloud_max_time, + 'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(), + 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), + 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), + 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', + 'BORGBACKUP_HOST_LOCATION' => $this->borg_backup_host_location, + 'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()), + 'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(), + 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), + 'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(), + 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(), + 'INSTALL_LATEST_MAJOR' => $this->install_latest_major ? 'yes' : '', + 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', + // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) + 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), + // Allow to get local ip-address of caddy container and add it to trusted proxies automatically + 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '', + 'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '', + default => $this->GetRegisteredSecret($placeholder), + }; + } } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index b14e31db..832480c2 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -228,15 +228,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Binds'] = $volumes; } - $aioVariables = $container->aioVariables->GetVariables(); - foreach ($aioVariables as $variable) { - $config = $this->configurationManager->GetConfig(); - $variable = $this->replaceEnvPlaceholders($variable); - $variableArray = explode('=', $variable); - $config[$variableArray[0]] = $variableArray[1]; - $this->configurationManager->WriteConfig($config); - sleep(1); - } + $this->configurationManager->setAioVariables($container->aioVariables->GetVariables()); $envs = $container->containerEnvironmentVariables->GetVariables(); // Special thing for the nextcloud container @@ -244,7 +236,7 @@ readonly class DockerActionManager { $envs[] = $this->GetAllNextcloudExecCommands(); } foreach ($envs as $key => $env) { - $envs[$key] = $this->replaceEnvPlaceholders($env); + $envs[$key] = $this->configurationManager->replaceEnvPlaceholders($env); } if (count($envs) > 0) { @@ -530,82 +522,6 @@ readonly class DockerActionManager { } } - // Replaces placeholders in $envValue with their values. - // E.g. "%NC_DOMAIN%:%APACHE_PORT" becomes "my.nextcloud.com:11000" - private function replaceEnvPlaceholders(string $envValue): string { - // $pattern breaks down as: - // % - matches a literal percent sign - // ([^%]+) - capture group that matches one or more characters that are NOT percent signs - // % - matches the closing percent sign - // - // Assumes literal percent signs are always matched and there is no - // escaping. - $pattern = '/%([^%]+)%/'; - $matchCount = preg_match_all($pattern, $envValue, $matches); - - if ($matchCount === 0) { - return $envValue; - } - - $placeholders = $matches[0]; // ["%PLACEHOLDER1%", "%PLACEHOLDER2%", ...] - $placeholderNames = $matches[1]; // ["PLACEHOLDER1", "PLACEHOLDER2", ...] - $placeholderPatterns = array_map(static fn(string $p) => '/' . preg_quote($p) . '/', $placeholders); // ["/%PLACEHOLDER1%/", ...] - $placeholderValues = array_map($this->getPlaceholderValue(...), $placeholderNames); // ["val1", "val2"] - // Guaranteed to be non-null because we found the placeholders in the preg_match_all. - return (string) preg_replace($placeholderPatterns, $placeholderValues, $envValue); - } - - private function getPlaceholderValue(string $placeholder) : string { - return match ($placeholder) { - 'NC_DOMAIN' => $this->configurationManager->GetDomain(), - 'NC_BASE_DN' => $this->configurationManager->GetBaseDN(), - 'AIO_TOKEN' => $this->configurationManager->AIO_TOKEN, - 'BORGBACKUP_REMOTE_REPO' => $this->configurationManager->borg_remote_repo, - 'BORGBACKUP_MODE' => $this->configurationManager->GetBackupMode(), - 'AIO_URL' => $this->configurationManager->AIO_URL, - 'RESTORE_EXCLUDE_PREVIEWS' => $this->configurationManager->restoreExcludePreviews ? '1' : '', - 'SELECTED_RESTORE_TIME' => $this->configurationManager->selectedRestoreTime, - 'APACHE_PORT' => $this->configurationManager->apache_port, - 'APACHE_IP_BINDING' => $this->configurationManager->apache_ip_binding, - 'TALK_PORT' => $this->configurationManager->talk_port, - 'TURN_DOMAIN' => $this->configurationManager->turn_domain, - 'NEXTCLOUD_MOUNT' => $this->configurationManager->nextcloud_mount, - 'BACKUP_RESTORE_PASSWORD' => $this->configurationManager->borg_restore_password, - 'CLAMAV_ENABLED' => $this->configurationManager->isClamavEnabled ? 'yes' : '', - 'TALK_RECORDING_ENABLED' => $this->configurationManager->isTalkRecordingEnabled ? 'yes' : '', - 'ONLYOFFICE_ENABLED' => $this->configurationManager->isOnlyofficeEnabled ? 'yes' : '', - 'COLLABORA_ENABLED' => $this->configurationManager->isCollaboraEnabled ? 'yes' : '', - 'TALK_ENABLED' => $this->configurationManager->isTalkEnabled ? 'yes' : '', - 'UPDATE_NEXTCLOUD_APPS' => ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) ? 'yes' : '', - 'TIMEZONE' => $this->configurationManager->timezone === '' ? 'Etc/UTC' : $this->configurationManager->timezone, - 'COLLABORA_DICTIONARIES' => $this->configurationManager->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->configurationManager->collabora_dictionaries, - 'IMAGINARY_ENABLED' => $this->configurationManager->isImaginaryEnabled ? 'yes' : '', - 'FULLTEXTSEARCH_ENABLED' => $this->configurationManager->isFulltextsearchEnabled ? 'yes' : '', - 'DOCKER_SOCKET_PROXY_ENABLED' => $this->configurationManager->isDockerSocketProxyEnabled ? 'yes' : '', - 'NEXTCLOUD_UPLOAD_LIMIT' => $this->configurationManager->nextcloud_upload_limit, - 'NEXTCLOUD_MEMORY_LIMIT' => $this->configurationManager->nextcloud_memory_limit, - 'NEXTCLOUD_MAX_TIME' => $this->configurationManager->nextcloud_max_time, - 'BORG_RETENTION_POLICY' => $this->configurationManager->GetBorgRetentionPolicy(), - 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->configurationManager->GetFulltextsearchJavaOptions(), - 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->configurationManager->GetTrustedCacertsDir(), - 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->configurationManager->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', - 'BORGBACKUP_HOST_LOCATION' => $this->configurationManager->borg_backup_host_location, - 'APACHE_MAX_SIZE' => (string)($this->configurationManager->GetApacheMaxSize()), - 'COLLABORA_SECCOMP_POLICY' => $this->configurationManager->GetCollaboraSeccompPolicy(), - 'NEXTCLOUD_STARTUP_APPS' => $this->configurationManager->GetNextcloudStartupApps(), - 'NEXTCLOUD_ADDITIONAL_APKS' => $this->configurationManager->GetNextcloudAdditionalApks(), - 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->configurationManager->GetNextcloudAdditionalPhpExtensions(), - 'INSTALL_LATEST_MAJOR' => $this->configurationManager->install_latest_major ? 'yes' : '', - 'REMOVE_DISABLED_APPS' => $this->configurationManager->shouldDisabledAppsGetRemoved() ? 'yes' : '', - // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) - 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), - // Allow to get local ip-address of caddy container and add it to trusted proxies automatically - 'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '', - 'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled ? 'yes' : '', - default => $this->configurationManager->GetRegisteredSecret($placeholder), - }; - } - private function isContainerUpdateAvailable(string $id): string { $container = $this->containerDefinitionFetcher->GetContainerById($id); From fd308d4b802c31169fb2df2189daad638c32a7ce Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 19 Jan 2026 15:18:13 +0100 Subject: [PATCH 0982/1064] Simplify some code a little bit Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2cbae5cc..19ff0b74 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -697,10 +697,7 @@ class ConfigurationManager } public function isSeccompDisabled() : bool { - if ($this->GetCollaboraSeccompDisabledState() === 'true') { - return true; - } - return false; + return $this->GetCollaboraSeccompDisabledState() === 'true'; } /** @@ -795,10 +792,7 @@ class ConfigurationManager } public function isDailyBackupRunning() : bool { - if (file_exists(DataConst::GetDailyBackupBlockFile())) { - return true; - } - return false; + return file_exists(DataConst::GetDailyBackupBlockFile()); } /** @@ -870,10 +864,7 @@ class ConfigurationManager } public function isCollaboraSubscriptionEnabled() : bool { - if (str_contains($this->collabora_additional_options, '--o:support_key=')) { - return true; - } - return false; + return str_contains($this->collabora_additional_options, '--o:support_key='); } /** From 662840bc25444fb1081af602a0143c6cea2f75ae Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 19:36:39 +0100 Subject: [PATCH 0983/1064] Make psalm accept the property-hooks for virtual attributes Signed-off-by: Pablo Zmdl --- php/psalm.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/php/psalm.xml b/php/psalm.xml index d7ce38c9..576d82d2 100644 --- a/php/psalm.xml +++ b/php/psalm.xml @@ -20,5 +20,10 @@ + + + + + From 77bec5898f84de1e0f9dd66bf3e0ceef8919abf5 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 20 Jan 2026 19:34:52 +0100 Subject: [PATCH 0984/1064] Type for Closure argument Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 6 +++--- php/src/Data/ConfigurationManager.php | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index f1c5400d..c60efda5 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -123,7 +123,7 @@ readonly class DockerController { } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { - $this->configurationManager->setMultiple(function ($confManager) use ($request) { + $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request) { $confManager->backupMode = 'restore'; $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); @@ -152,7 +152,7 @@ readonly class DockerController { } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { - $this->configurationManager->setMultiple(function ($confManager) { + $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) { $confManager->backupMode = 'test'; $confManager->instance_restore_attempt = false; }); @@ -177,7 +177,7 @@ readonly class DockerController { $port = 443; } - $this->configurationManager->setMultiple(function ($confManager) use ($request, $host, $port, $path) { + $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request, $host, $port, $path) { $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); // set AIO_URL $confManager->AIO_URL = $host . ':' . (string)$port . $path; diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 19ff0b74..2fb0a413 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -419,7 +419,7 @@ class ConfigurationManager } } - $this->setMultiple(function ($confManager) use ($domain) { + $this->setMultiple(function (ConfigurationManager $confManager) use ($domain) { // Write domain // Don't set the domain via the attribute, or we create a loop. $confManager->set('domain', $domain); @@ -441,7 +441,7 @@ class ConfigurationManager */ public function SetBorgLocationVars(string $location, string $repo) : void { $this->ValidateBorgLocationVars($location, $repo); - $this->setMultiple(function ($confManager) use ($location, $repo) { + $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo) { $confManager->borg_backup_host_location = $location; $confManager->borg_remote_repo = $repo; }); @@ -490,7 +490,7 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables - $this->setMultiple(function ($confManager) { + $this->setMultiple(function (ConfigurationManager $confManager) { $confManager->borg_backup_host_location = ''; $confManager->borg_remote_repo = ''; }); @@ -513,7 +513,7 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter the password!"); } - $this->setMultiple(function ($confManager) use ($location, $repo, $password) { + $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo, $password) { $confManager->borg_backup_host_location = $location; $confManager->borg_remote_repo = $repo; $confManager->borg_restore_password = $password; @@ -976,7 +976,7 @@ class ConfigurationManager if ($input === []) { return; } - $this->setMultiple(function($confManager) use ($input) { + $this->setMultiple(function(ConfigurationManager $confManager) use ($input) { foreach ($input as $variable) { $keyWithValue = $confManager->replaceEnvPlaceholders($variable); [$key, $value] = explode('=', $keyWithValue, 2); From c65ccd2db02f7dfbf664ce17b7ca07036d5d4516 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 21 Jan 2026 09:54:29 +0100 Subject: [PATCH 0985/1064] Make aio-variables code more robust and psalm-compatible Now the input gets checked for being useful. It's user-generated data in the end, which might be "funny" in curious ways. psalm complained about the possibly unset second array key in the destructuring assignment of `$key` and `$value`, which won't happen due to the check for a present equal sign earlier, but nonetheless this way the code is more robust. Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2fb0a413..2863d6e8 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -978,10 +978,19 @@ class ConfigurationManager } $this->setMultiple(function(ConfigurationManager $confManager) use ($input) { foreach ($input as $variable) { + if (!is_string($variable) || !str_contains($variable, '=')) { + error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')"); + continue; + } $keyWithValue = $confManager->replaceEnvPlaceholders($variable); - [$key, $value] = explode('=', $keyWithValue, 2); - // Set if there's an attribute corresponding to the key. - if (isset($key, $confManager->$key)) { + // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case + // the check for an equal sign from above gets changed). + [$key, $value] = explode('=', $keyWithValue, 2) + [null, null]; + if ($value === null) { + error_log("Invalid input: '$keyWithValue' has no value after the equal sign"); + } else if (!property_exists($confManager, $key)) { + error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')"); + } else { $confManager->$key = $value; } } From 6bf45fb5072788a4926a4c3175f996b97b10fc10 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 21 Jan 2026 13:11:45 +0100 Subject: [PATCH 0986/1064] A script to list AIO variables that are configurable through `aio_variables` in community containers Signed-off-by: Pablo Zmdl --- get-configurable-aio-variables.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 get-configurable-aio-variables.sh diff --git a/get-configurable-aio-variables.sh b/get-configurable-aio-variables.sh new file mode 100755 index 00000000..44536bd3 --- /dev/null +++ b/get-configurable-aio-variables.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +awk '/^ public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' php/src/Data/ConfigurationManager.php | sort From 76d475f2b249aa6447b96d89a1eae56875fb8b34 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 16:40:45 +0100 Subject: [PATCH 0987/1064] Replace setMultiple() by startTransaction() and commitTransaction() Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 33 ++++----- php/src/Data/ConfigurationManager.php | 96 +++++++++++++------------ 2 files changed, 68 insertions(+), 61 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index c60efda5..7078b71f 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -123,11 +123,11 @@ readonly class DockerController { } public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response { - $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request) { - $confManager->backupMode = 'restore'; - $confManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; - $confManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); - }); + $this->configurationManager->startTransaction(); + $this->configurationManager->backupMode = 'restore'; + $this->configurationManager->selectedRestoreTime = $request->getParsedBody()['selected_restore_time'] ?? ''; + $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']); + $this->configurationManager->commitTransaction(); $id = self::TOP_CONTAINER; $forceStopNextcloud = true; @@ -152,10 +152,10 @@ readonly class DockerController { } public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { - $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) { - $confManager->backupMode = 'test'; - $confManager->instance_restore_attempt = false; - }); + $this->configurationManager->startTransaction(); + $this->configurationManager->backupMode = 'test'; + $this->configurationManager->instance_restore_attempt = false; + $this->configurationManager->commitTransaction(); $id = self::TOP_CONTAINER; $this->PerformRecursiveContainerStop($id); @@ -177,13 +177,14 @@ readonly class DockerController { $port = 443; } - $this->configurationManager->setMultiple(function (ConfigurationManager $confManager) use ($request, $host, $port, $path) { - $confManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); - // set AIO_URL - $confManager->AIO_URL = $host . ':' . (string)$port . $path; - // set wasStartButtonClicked - $confManager->wasStartButtonClicked = true; - }); + $this->configurationManager->startTransaction(); + $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); + // set AIO_URL + $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; + // set wasStartButtonClicked + $this->configurationManager->wasStartButtonClicked = true; + $this->configurationManager->commitTransaction(); + // Do not pull container images in case 'bypass_container_update' is set via url params // Needed for local testing $pullImage = !isset($request->getParsedBody()['bypass_container_update']); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2863d6e8..2caf7849 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -193,21 +193,26 @@ class ConfigurationManager private function set(string $key, mixed $value) : void { $this->GetConfig(); $this->config[$key] = $value; - // Only write if this isn't called via setMultiple(). + // Only write if this isn't called in between startTransaction() and commitTransaction(). if ($this->noWrite !== true) { $this->WriteConfig(); } } /** - * This allows to assign multiple attributes without saving the config to disk in between (as would - * calling set() do). + * This allows to assign multiple attributes without saving the config to disk in between. It must be + * followed by a call to commitTransaction(), which then writes all changes to disk. */ - public function setMultiple(\Closure $closure) : void { + public function startTransaction() : void { + $this->GetConfig(); $this->noWrite = true; + } + + /** + * This allows to assign multiple attributes without saving the config to disk in between. + */ + public function commitTransaction() : void { try { - $this->GetConfig(); - $closure($this); $this->WriteConfig(); } finally { $this->noWrite = false; @@ -419,13 +424,14 @@ class ConfigurationManager } } - $this->setMultiple(function (ConfigurationManager $confManager) use ($domain) { - // Write domain - // Don't set the domain via the attribute, or we create a loop. - $confManager->set('domain', $domain); - // Reset the borg restore password when setting the domain - $confManager->borg_restore_password = ''; - }); + $this->startTransaction(); + // Write domain + // Don't set the domain via the attribute, or we create a loop. + $this->set('domain', $domain); + // Reset the borg restore password when setting the domain + $this->borg_restore_password = ''; + $this->startTransaction(); + $this->commitTransaction(); } public function GetBaseDN() : string { @@ -441,10 +447,10 @@ class ConfigurationManager */ public function SetBorgLocationVars(string $location, string $repo) : void { $this->ValidateBorgLocationVars($location, $repo); - $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo) { - $confManager->borg_backup_host_location = $location; - $confManager->borg_remote_repo = $repo; - }); + $this->startTransaction(); + $this->borg_backup_host_location = $location; + $this->borg_remote_repo = $repo; + $this->commitTransaction(); } private function ValidateBorgLocationVars(string $location, string $repo) : void { @@ -490,10 +496,10 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables - $this->setMultiple(function (ConfigurationManager $confManager) { - $confManager->borg_backup_host_location = ''; - $confManager->borg_remote_repo = ''; - }); + $this->startTransaction(); + $this->borg_backup_host_location = ''; + $this->borg_remote_repo = ''; + $this->commitTransaction(); // Also delete the borg config file to be able to start over if (file_exists(DataConst::GetBackupKeyFile())) { @@ -513,12 +519,12 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter the password!"); } - $this->setMultiple(function (ConfigurationManager $confManager) use ($location, $repo, $password) { - $confManager->borg_backup_host_location = $location; - $confManager->borg_remote_repo = $repo; - $confManager->borg_restore_password = $password; - $confManager->instance_restore_attempt = true; - }); + $this->startTransaction(); + $this->borg_backup_host_location = $location; + $this->borg_remote_repo = $repo; + $this->borg_restore_password = $password; + $this->instance_restore_attempt = true; + $this->commitTransaction(); } /** @@ -976,25 +982,25 @@ class ConfigurationManager if ($input === []) { return; } - $this->setMultiple(function(ConfigurationManager $confManager) use ($input) { - foreach ($input as $variable) { - if (!is_string($variable) || !str_contains($variable, '=')) { - error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')"); - continue; - } - $keyWithValue = $confManager->replaceEnvPlaceholders($variable); - // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case - // the check for an equal sign from above gets changed). - [$key, $value] = explode('=', $keyWithValue, 2) + [null, null]; - if ($value === null) { - error_log("Invalid input: '$keyWithValue' has no value after the equal sign"); - } else if (!property_exists($confManager, $key)) { - error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')"); - } else { - $confManager->$key = $value; - } + $this->startTransaction(); + foreach ($input as $variable) { + if (!is_string($variable) || !str_contains($variable, '=')) { + error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')"); + continue; } - }); + $keyWithValue = $confManager->replaceEnvPlaceholders($variable); + // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case + // the check for an equal sign from above gets changed). + [$key, $value] = explode('=', $keyWithValue, 2) + [null, null]; + if ($value === null) { + error_log("Invalid input: '$keyWithValue' has no value after the equal sign"); + } else if (!property_exists($confManager, $key)) { + error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')"); + } else { + $confManager->$key = $value; + } + } + $this->commitTransaction(); } // From dac5cfd917b8d7f7b748facf20874679e886cb36 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 16:43:41 +0100 Subject: [PATCH 0988/1064] Don't write the default value to disk This matches the previous behaviour and should not be changed silently. Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 1 - 1 file changed, 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 2caf7849..d25e4a91 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -591,7 +591,6 @@ class ConfigurationManager $configValue = $this->get($configName, ''); if ($envVariableOutput === false) { if ($configValue === '') { - $this->set($configName, $defaultValue); return $defaultValue; } return $configValue; From 3bb2ce6e4cc979dc772c410e9ac568ed515f1271 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 16:55:15 +0100 Subject: [PATCH 0989/1064] Type-cast get values to fix handling old config data Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 36 ++++++++++++++++++--------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d25e4a91..b7916b16 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -24,17 +24,20 @@ class ConfigurationManager } public bool $isDockerSocketProxyEnabled { - get => $this->get('isDockerSocketProxyEnabled', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isDockerSocketProxyEnabled', false); set { $this->set('isDockerSocketProxyEnabled', $value); } } public bool $isWhiteboardEnabled { - get => $this->get('isWhiteboardEnabled', true); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isWhiteboardEnabled', true); set { $this->set('isWhiteboardEnabled', $value); } } public bool $restoreExcludePreviews { - get => $this->get('restore-exclude-previews', false); + // Type-cast because old configs could have '1'/'' for this key. + get => (bool) $this->get('restore-exclude-previews', false); set { $this->set('restore-exclude-previews', $value); } } @@ -49,7 +52,8 @@ class ConfigurationManager } public bool $instance_restore_attempt { - get => $this->get('instance_restore_attempt', false); + // Type-cast because old configs could have 1/'' for this key. + get => (bool) $this->get('instance_restore_attempt', false); set { $this->set('instance_restore_attempt', $value); } } @@ -59,7 +63,8 @@ class ConfigurationManager } public bool $wasStartButtonClicked { - get => $this->get('wasStartButtonClicked', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('wasStartButtonClicked', false); set { $this->set('wasStartButtonClicked', $value); } } @@ -69,37 +74,44 @@ class ConfigurationManager } public bool $isClamavEnabled { - get => $this->get('isClamavEnabled', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isClamavEnabled', false); set { $this->set('isClamavEnabled', $value); } } public bool $isOnlyofficeEnabled { - get => $this->get('isOnlyofficeEnabled', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isOnlyofficeEnabled', false); set { $this->set('isOnlyofficeEnabled', $value); } } public bool $isCollaboraEnabled { - get => $this->get('isCollaboraEnabled', true); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isCollaboraEnabled', true); set { $this->set('isCollaboraEnabled', $value); } } public bool $isTalkEnabled { - get => $this->get('isTalkEnabled', true); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isTalkEnabled', true); set { $this->set('isTalkEnabled', $value); } } public bool $isTalkRecordingEnabled { - get => $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->isTalkEnabled && $this->get('isTalkRecordingEnabled', false); set { $this->set('isTalkRecordingEnabled', $this->isTalkEnabled && $value); } } public bool $isImaginaryEnabled { - get => $this->get('isImaginaryEnabled', true); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isImaginaryEnabled', true); set { $this->set('isImaginaryEnabled', $value); } } public bool $isFulltextsearchEnabled { - get => $this->get('isFulltextsearchEnabled', false); + // Type-cast because old configs could have 1/0 for this key. + get => (bool) $this->get('isFulltextsearchEnabled', false); // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); } } From 27fd1e82ab74ffa7acf74eefae7b26f1ec7d8724 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:10:21 +0100 Subject: [PATCH 0990/1064] Turn install_latest_major property into a string so we can save a version string or number I chose a string instead of an integer so we have more freedom what to actually save (maybe we want to include minor version digits at one point). Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 8 +++++++- php/src/Data/ConfigurationManager.php | 7 ++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 7078b71f..47c6c259 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -177,8 +177,14 @@ readonly class DockerController { $port = 443; } + if (isset($request->getParsedBody()['install_latest_major'])) { + $install_latest_major = '32'; + } else { + $install_latest_major = ''; + } + $this->configurationManager->startTransaction(); - $this->configurationManager->install_latest_major = isset($request->getParsedBody()['install_latest_major']); + $this->configurationManager->install_latest_major = $install_latest_major; // set AIO_URL $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; // set wasStartButtonClicked diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index b7916b16..7ca0f8bc 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -68,8 +68,9 @@ class ConfigurationManager set { $this->set('wasStartButtonClicked', $value); } } - public bool $install_latest_major { - get => $this->get('install_latest_major', false); + public string $install_latest_major { + // Type-cast because old configs could have integers for this key. + get => (string) $this->get('install_latest_major', ''); set { $this->set('install_latest_major', $value); } } @@ -1080,7 +1081,7 @@ class ConfigurationManager 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(), 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(), - 'INSTALL_LATEST_MAJOR' => $this->install_latest_major ? 'yes' : '', + 'INSTALL_LATEST_MAJOR' => $this->install_latest_major, 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), From dd5d51cb2a1ef50944e161f2c9e5b4f02808d926 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:12:45 +0100 Subject: [PATCH 0991/1064] Camelize property AIO_TOKEN => aioToken Signed-off-by: Pablo Zmdl --- php/src/Auth/AuthManager.php | 2 +- php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php index 1d558aed..f6ab0d10 100644 --- a/php/src/Auth/AuthManager.php +++ b/php/src/Auth/AuthManager.php @@ -19,7 +19,7 @@ readonly class AuthManager { } public function CheckToken(string $token) : bool { - return hash_equals($this->configurationManager->AIO_TOKEN, $token); + return hash_equals($this->configurationManager->aioToken, $token); } public function SetAuthState(bool $isLoggedIn) : void { diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 47c6c259..862665c3 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -208,7 +208,7 @@ readonly class DockerController { } public function startTopContainer(bool $pullImage) : void { - $this->configurationManager->AIO_TOKEN = bin2hex(random_bytes(24)); + $this->configurationManager->aioToken = bin2hex(random_bytes(24)); // Stop domaincheck since apache would not be able to start otherwise $this->StopDomaincheckContainer(); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 7ca0f8bc..340e59d9 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -13,7 +13,7 @@ class ConfigurationManager private bool $noWrite = false; - public string $AIO_TOKEN { + public string $aioToken { get => $this->get('AIO_TOKEN', ''); set { $this->set('AIO_TOKEN', $value); } } @@ -1045,7 +1045,7 @@ class ConfigurationManager return match ($placeholder) { 'NC_DOMAIN' => $this->domain, 'NC_BASE_DN' => $this->GetBaseDN(), - 'AIO_TOKEN' => $this->AIO_TOKEN, + 'AIO_TOKEN' => $this->aioToken, 'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo, 'BORGBACKUP_MODE' => $this->backupMode, 'AIO_URL' => $this->AIO_URL, From 62a21dd34a1bf8f9c346d92c585c8653b37c9a4d Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:16:02 +0100 Subject: [PATCH 0992/1064] Camelize property instance_restore_attempt => instanceRestoreAttempt Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index d4f4799f..7037946a 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -103,7 +103,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), 'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(), 'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(), - 'is_instance_restore_attempt' => $configurationManager->instance_restore_attempt, + 'is_instance_restore_attempt' => $configurationManager->instanceRestoreAttempt, 'borg_backup_mode' => $configurationManager->backupMode, 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked, 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 862665c3..c420bba3 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -154,7 +154,7 @@ readonly class DockerController { public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response { $this->configurationManager->startTransaction(); $this->configurationManager->backupMode = 'test'; - $this->configurationManager->instance_restore_attempt = false; + $this->configurationManager->instanceRestoreAttempt = false; $this->configurationManager->commitTransaction(); $id = self::TOP_CONTAINER; diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 340e59d9..94e8ae71 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -51,7 +51,7 @@ class ConfigurationManager set { $this->set('backup-mode', $value); } } - public bool $instance_restore_attempt { + public bool $instanceRestoreAttempt { // Type-cast because old configs could have 1/'' for this key. get => (bool) $this->get('instance_restore_attempt', false); set { $this->set('instance_restore_attempt', $value); } @@ -536,7 +536,7 @@ class ConfigurationManager $this->borg_backup_host_location = $location; $this->borg_remote_repo = $repo; $this->borg_restore_password = $password; - $this->instance_restore_attempt = true; + $this->instanceRestoreAttempt = true; $this->commitTransaction(); } From 68f811b25f690af648d5c178238791d76b561719 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:17:54 +0100 Subject: [PATCH 0993/1064] Camelize property AIO_URL => aioUrl Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index c420bba3..2bff0295 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -186,7 +186,7 @@ readonly class DockerController { $this->configurationManager->startTransaction(); $this->configurationManager->install_latest_major = $install_latest_major; // set AIO_URL - $this->configurationManager->AIO_URL = $host . ':' . (string)$port . $path; + $this->configurationManager->aioUrl = $host . ':' . (string)$port . $path; // set wasStartButtonClicked $this->configurationManager->wasStartButtonClicked = true; $this->configurationManager->commitTransaction(); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 94e8ae71..eaf944af 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -57,7 +57,7 @@ class ConfigurationManager set { $this->set('instance_restore_attempt', $value); } } - public string $AIO_URL { + public string $aioUrl { get => $this->get('AIO_URL', ''); set { $this->set('AIO_URL', $value); } } @@ -1048,7 +1048,7 @@ class ConfigurationManager 'AIO_TOKEN' => $this->aioToken, 'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo, 'BORGBACKUP_MODE' => $this->backupMode, - 'AIO_URL' => $this->AIO_URL, + 'AIO_URL' => $this->aioUrl, 'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime, 'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '', 'APACHE_PORT' => $this->apache_port, From 2425a0777234a341337af57c347094eebef7712e Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:19:10 +0100 Subject: [PATCH 0994/1064] Camelize property install_latest_major => installLatestMajor Signed-off-by: Pablo Zmdl --- php/src/Controller/DockerController.php | 6 +++--- php/src/Data/ConfigurationManager.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 2bff0295..81b920d0 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -178,13 +178,13 @@ readonly class DockerController { } if (isset($request->getParsedBody()['install_latest_major'])) { - $install_latest_major = '32'; + $installLatestMajor = '32'; } else { - $install_latest_major = ''; + $installLatestMajor = ''; } $this->configurationManager->startTransaction(); - $this->configurationManager->install_latest_major = $install_latest_major; + $this->configurationManager->installLatestMajor = $installLatestMajor; // set AIO_URL $this->configurationManager->aioUrl = $host . ':' . (string)$port . $path; // set wasStartButtonClicked diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index eaf944af..5ccf4b88 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -68,7 +68,7 @@ class ConfigurationManager set { $this->set('wasStartButtonClicked', $value); } } - public string $install_latest_major { + public string $installLatestMajor { // Type-cast because old configs could have integers for this key. get => (string) $this->get('install_latest_major', ''); set { $this->set('install_latest_major', $value); } @@ -1081,7 +1081,7 @@ class ConfigurationManager 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(), 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(), - 'INSTALL_LATEST_MAJOR' => $this->install_latest_major, + 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor, 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), From 62856e78bbaee7584a9ad9e6a255e6ec33aed06a Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:21:07 +0100 Subject: [PATCH 0995/1064] Camelize property borg_backup_host_location => borgBackupHostLocation Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 7037946a..7e3a3842 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -93,7 +93,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->domain, 'apache_port' => $configurationManager->apache_port, - 'borg_backup_host_location' => $configurationManager->borg_backup_host_location, + 'borg_backup_host_location' => $configurationManager->borgBackupHostLocation, 'borg_remote_repo' => $configurationManager->borg_remote_repo, 'borg_public_key' => $configurationManager->GetBorgPublicKey(), 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 22309da8..84cd4d89 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -113,7 +113,7 @@ readonly class ContainerDefinitionFetcher { if (isset($entry['volumes'])) { foreach ($entry['volumes'] as $value) { if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') { - $value['source'] = $this->configurationManager->borg_backup_host_location; + $value['source'] = $this->configurationManager->borgBackupHostLocation; if($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 5ccf4b88..e7e830cc 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -122,7 +122,7 @@ class ConfigurationManager set { $this->SetDomain($value); } } - public string $borg_backup_host_location { + public string $borgBackupHostLocation { get => $this->get('borg_backup_host_location', ''); set { $this->set('borg_backup_host_location', $value); } } @@ -461,7 +461,7 @@ class ConfigurationManager public function SetBorgLocationVars(string $location, string $repo) : void { $this->ValidateBorgLocationVars($location, $repo); $this->startTransaction(); - $this->borg_backup_host_location = $location; + $this->borgBackupHostLocation = $location; $this->borg_remote_repo = $repo; $this->commitTransaction(); } @@ -510,7 +510,7 @@ class ConfigurationManager public function DeleteBorgBackupLocationItems() : void { // Delete the variables $this->startTransaction(); - $this->borg_backup_host_location = ''; + $this->borgBackupHostLocation = ''; $this->borg_remote_repo = ''; $this->commitTransaction(); @@ -533,7 +533,7 @@ class ConfigurationManager } $this->startTransaction(); - $this->borg_backup_host_location = $location; + $this->borgBackupHostLocation = $location; $this->borg_remote_repo = $repo; $this->borg_restore_password = $password; $this->instanceRestoreAttempt = true; @@ -1075,7 +1075,7 @@ class ConfigurationManager 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', - 'BORGBACKUP_HOST_LOCATION' => $this->borg_backup_host_location, + 'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation, 'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()), 'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(), 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), From 284411c3695bf10c81d24bc8c16d36263578ce0c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:22:14 +0100 Subject: [PATCH 0996/1064] Camelize property borg_remote_repo => borgRemoteRepo Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 7e3a3842..eafa994b 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -94,7 +94,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'domain' => $configurationManager->domain, 'apache_port' => $configurationManager->apache_port, 'borg_backup_host_location' => $configurationManager->borgBackupHostLocation, - 'borg_remote_repo' => $configurationManager->borg_remote_repo, + 'borg_remote_repo' => $configurationManager->borgRemoteRepo, 'borg_public_key' => $configurationManager->GetBorgPublicKey(), 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e7e830cc..08924d14 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -127,7 +127,7 @@ class ConfigurationManager set { $this->set('borg_backup_host_location', $value); } } - public string $borg_remote_repo { + public string $borgRemoteRepo { get => $this->get('borg_remote_repo', ''); set { $this->set('borg_remote_repo', $value); } } @@ -462,7 +462,7 @@ class ConfigurationManager $this->ValidateBorgLocationVars($location, $repo); $this->startTransaction(); $this->borgBackupHostLocation = $location; - $this->borg_remote_repo = $repo; + $this->borgRemoteRepo = $repo; $this->commitTransaction(); } @@ -511,7 +511,7 @@ class ConfigurationManager // Delete the variables $this->startTransaction(); $this->borgBackupHostLocation = ''; - $this->borg_remote_repo = ''; + $this->borgRemoteRepo = ''; $this->commitTransaction(); // Also delete the borg config file to be able to start over @@ -534,7 +534,7 @@ class ConfigurationManager $this->startTransaction(); $this->borgBackupHostLocation = $location; - $this->borg_remote_repo = $repo; + $this->borgRemoteRepo = $repo; $this->borg_restore_password = $password; $this->instanceRestoreAttempt = true; $this->commitTransaction(); @@ -1046,7 +1046,7 @@ class ConfigurationManager 'NC_DOMAIN' => $this->domain, 'NC_BASE_DN' => $this->GetBaseDN(), 'AIO_TOKEN' => $this->aioToken, - 'BORGBACKUP_REMOTE_REPO' => $this->borg_remote_repo, + 'BORGBACKUP_REMOTE_REPO' => $this->borgRemoteRepo, 'BORGBACKUP_MODE' => $this->backupMode, 'AIO_URL' => $this->aioUrl, 'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime, From 5cac2dcf12531b9631f06ba321a203059f5bd44c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:23:21 +0100 Subject: [PATCH 0997/1064] Camelize property borg_restore_password => borgRestorePassword Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index eafa994b..5e8ddbb8 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -114,7 +114,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled, 'is_talk_enabled' => $configurationManager->isTalkEnabled, - 'borg_restore_password' => $configurationManager->borg_restore_password, + 'borg_restore_password' => $configurationManager->borgRestorePassword, 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), 'timezone' => $configurationManager->timezone, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 08924d14..a2dd399d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -132,7 +132,7 @@ class ConfigurationManager set { $this->set('borg_remote_repo', $value); } } - public string $borg_restore_password { + public string $borgRestorePassword { get => $this->get('borg_restore_password', ''); set { $this->set('borg_restore_password', $value); } } @@ -442,7 +442,7 @@ class ConfigurationManager // Don't set the domain via the attribute, or we create a loop. $this->set('domain', $domain); // Reset the borg restore password when setting the domain - $this->borg_restore_password = ''; + $this->borgRestorePassword = ''; $this->startTransaction(); $this->commitTransaction(); } @@ -535,7 +535,7 @@ class ConfigurationManager $this->startTransaction(); $this->borgBackupHostLocation = $location; $this->borgRemoteRepo = $repo; - $this->borg_restore_password = $password; + $this->borgRestorePassword = $password; $this->instanceRestoreAttempt = true; $this->commitTransaction(); } @@ -1056,7 +1056,7 @@ class ConfigurationManager 'TALK_PORT' => $this->talk_port, 'TURN_DOMAIN' => $this->turn_domain, 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, - 'BACKUP_RESTORE_PASSWORD' => $this->borg_restore_password, + 'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword, 'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '', 'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '', From f17db4fac17b4051e24650b9fd1007ddaac3e6c5 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:25:14 +0100 Subject: [PATCH 0998/1064] Camelize property apache_ip_binding => apacheIpBinding Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 4 ++-- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index a2dd399d..e80073c3 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -137,7 +137,7 @@ class ConfigurationManager set { $this->set('borg_restore_password', $value); } } - public string $apache_ip_binding { + public string $apacheIpBinding { get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', ''); set { $this->set('apache_ip_binding', $value); } } @@ -1052,7 +1052,7 @@ class ConfigurationManager 'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime, 'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '', 'APACHE_PORT' => $this->apache_port, - 'APACHE_IP_BINDING' => $this->apache_ip_binding, + 'APACHE_IP_BINDING' => $this->apacheIpBinding, 'TALK_PORT' => $this->talk_port, 'TURN_DOMAIN' => $this->turn_domain, 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 832480c2..5ae45044 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -289,7 +289,7 @@ readonly class DockerActionManager { } $ipBinding = $value->ipBinding; if ($ipBinding === '%APACHE_IP_BINDING%') { - $ipBinding = $this->configurationManager->apache_ip_binding; + $ipBinding = $this->configurationManager->apacheIpBinding; // Do not expose if AIO is in internal network mode if ($ipBinding === '@INTERNAL') { continue; From 41c92b814fde85bc509a7c51849b3c79dbbd87b6 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:33:24 +0100 Subject: [PATCH 0999/1064] Camelize key names from aio_variables from container specs Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e80073c3..3eba45f5 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -989,6 +989,11 @@ class ConfigurationManager return true; } } + + private function camelize(string $input, string $delimiter = '_') : string { + return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input))))); + + } public function setAioVariables(array $input) : void { if ($input === []) { @@ -1004,6 +1009,7 @@ class ConfigurationManager // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case // the check for an equal sign from above gets changed). [$key, $value] = explode('=', $keyWithValue, 2) + [null, null]; + $key = $this->camelize($key); if ($value === null) { error_log("Invalid input: '$keyWithValue' has no value after the equal sign"); } else if (!property_exists($confManager, $key)) { From efe8317446c5020c131e2b9a402439b1ccfab688 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:34:33 +0100 Subject: [PATCH 1000/1064] Camelize property nextcloud_max_time => nextcloudMaxTime Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 5e8ddbb8..a9758b24 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -130,7 +130,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount, 'nextcloud_mount' => $configurationManager->nextcloud_mount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, - 'nextcloud_max_time' => $configurationManager->nextcloud_max_time, + 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 3eba45f5..ff30751c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -652,7 +652,7 @@ class ConfigurationManager return $uploadLimit * 1024 * 1024 * 1024; } - public string $nextcloud_max_time { + public string $nextcloudMaxTime { get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); set { $this->set('nextcloud_max_time', $value); } } @@ -1076,7 +1076,7 @@ class ConfigurationManager 'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit, 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit, - 'NEXTCLOUD_MAX_TIME' => $this->nextcloud_max_time, + 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, 'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(), 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), From 5373471ed8f5671f59010f3ed6f9b16ed79dba67 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:35:52 +0100 Subject: [PATCH 1001/1064] Camelize property collabora_dictionaries => collaboraDictionaries Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index a9758b24..3aded9d0 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -120,7 +120,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), 'talk_port' => $configurationManager->talk_port, - 'collabora_dictionaries' => $configurationManager->collabora_dictionaries, + 'collabora_dictionaries' => $configurationManager->collaboraDictionaries, 'collabora_additional_options' => $configurationManager->collabora_additional_options, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index a1132981..27c83e11 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -117,7 +117,7 @@ readonly class ConfigurationController { if (isset($request->getParsedBody()['collabora_dictionaries'])) { $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? ''; - $this->configurationManager->collabora_dictionaries = $collaboraDictionaries; + $this->configurationManager->collaboraDictionaries = $collaboraDictionaries; } if (isset($request->getParsedBody()['delete_collabora_additional_options'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index ff30751c..71238c4c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -157,7 +157,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public string $collabora_dictionaries { + public string $collaboraDictionaries { get => $this->get('collabora_dictionaries', ''); set { // This throws an exception if the validation fails. @@ -1070,7 +1070,7 @@ class ConfigurationManager 'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '', 'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '', 'TIMEZONE' => $this->timezone === '' ? 'Etc/UTC' : $this->timezone, - 'COLLABORA_DICTIONARIES' => $this->collabora_dictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collabora_dictionaries, + 'COLLABORA_DICTIONARIES' => $this->collaboraDictionaries === '' ? 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru' : $this->collaboraDictionaries, 'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '', From b49900150180786735ad66b0e35793f7e672cd5b Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:36:45 +0100 Subject: [PATCH 1002/1064] Camelize property collabora_additional_options => collaboraAdditionalOptions Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- php/src/Docker/DockerActionManager.php | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 3aded9d0..cf17e612 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -121,7 +121,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), 'talk_port' => $configurationManager->talk_port, 'collabora_dictionaries' => $configurationManager->collaboraDictionaries, - 'collabora_additional_options' => $configurationManager->collabora_additional_options, + 'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 27c83e11..c396a508 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -126,7 +126,7 @@ readonly class ConfigurationController { if (isset($request->getParsedBody()['collabora_additional_options'])) { $additionalCollaboraOptions = $request->getParsedBody()['collabora_additional_options'] ?? ''; - $this->configurationManager->collabora_additional_options = $additionalCollaboraOptions; + $this->configurationManager->collaboraAdditionalOptions = $additionalCollaboraOptions; } if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 71238c4c..1dcc147d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -169,7 +169,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public string $collabora_additional_options { + public string $collaboraAdditionalOptions { get => $this->get('collabora_additional_options', ''); set { // This throws an exception if the validation fails. @@ -882,7 +882,7 @@ class ConfigurationManager } public function isCollaboraSubscriptionEnabled() : bool { - return str_contains($this->collabora_additional_options, '--o:support_key='); + return str_contains($this->collaboraAdditionalOptions, '--o:support_key='); } /** diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 5ae45044..9e52fb5b 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -419,8 +419,8 @@ readonly class DockerActionManager { } // Additional Collabora options - if ($this->configurationManager->collabora_additional_options !== '') { - $requestBody['Cmd'] = [$this->configurationManager->collabora_additional_options]; + if ($this->configurationManager->collaboraAdditionalOptions !== '') { + $requestBody['Cmd'] = [$this->configurationManager->collaboraAdditionalOptions]; } } From c4aa148bff296e87edf7ff810d3973dfc4690375 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:37:36 +0100 Subject: [PATCH 1003/1064] Camelize property aio_community_containers => aioCommunityContainers Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Controller/ConfigurationController.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index cf17e612..fedd7c2e 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -138,7 +138,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, 'community_containers' => $configurationManager->listAvailableCommunityContainers(), - 'community_containers_enabled' => $configurationManager->aio_community_containers, + 'community_containers_enabled' => $configurationManager->aioCommunityContainers, 'bypass_container_update' => $bypass_container_update, ]); })->setName('profile'); diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 84cd4d89..2884aa32 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -41,7 +41,7 @@ readonly class ContainerDefinitionFetcher { $data = json_decode((string)file_get_contents(DataConst::GetContainersDefinitionPath()), true, 512, JSON_THROW_ON_ERROR); $additionalContainerNames = []; - foreach ($this->configurationManager->aio_community_containers as $communityContainer) { + foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) { if ($communityContainer !== '') { $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json'; $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR); diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index c396a508..8bf193e0 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -108,7 +108,7 @@ readonly class ConfigurationController { $enabledCC[] = $item; } } - $this->configurationManager->aio_community_containers = $enabledCC; + $this->configurationManager->aioCommunityContainers = $enabledCC; } if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) { diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 1dcc147d..9dc6589f 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -178,7 +178,7 @@ class ConfigurationManager } } - public array $aio_community_containers { + public array $aioCommunityContainers { get => explode(' ', $this->get('aio_community_containers', '')); set { $this->set('aio_community_containers', implode(' ', $value)); } } @@ -1092,7 +1092,7 @@ class ConfigurationManager // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), // Allow to get local ip-address of caddy container and add it to trusted proxies automatically - 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aio_community_containers, true) ? gethostbyname('nextcloud-aio-caddy') : '', + 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '', default => $this->GetRegisteredSecret($placeholder), }; From 00ce78d703c8f7824eb76ba510f0a4f6c83da2c7 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:38:20 +0100 Subject: [PATCH 1004/1064] Camelize property turn_domain => turnDomain Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 9dc6589f..bfdcd689 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -183,7 +183,7 @@ class ConfigurationManager set { $this->set('aio_community_containers', implode(' ', $value)); } } - public string $turn_domain { + public string $turnDomain { get => $this->get('turn_domain', ''); set { $this->set('turn_domain', $value); } } @@ -1060,7 +1060,7 @@ class ConfigurationManager 'APACHE_PORT' => $this->apache_port, 'APACHE_IP_BINDING' => $this->apacheIpBinding, 'TALK_PORT' => $this->talk_port, - 'TURN_DOMAIN' => $this->turn_domain, + 'TURN_DOMAIN' => $this->turnDomain, 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, 'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword, 'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '', From 567f072ee061a91cef464d52c39d85a63e5455d4 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:39:17 +0100 Subject: [PATCH 1005/1064] Camelize property apache_port => apachePort Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 6 +++--- php/src/Docker/DockerActionManager.php | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index fedd7c2e..b7d07f6a 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -92,7 +92,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ return $view->render($response, 'containers.twig', [ 'domain' => $configurationManager->domain, - 'apache_port' => $configurationManager->apache_port, + 'apache_port' => $configurationManager->apachePort, 'borg_backup_host_location' => $configurationManager->borgBackupHostLocation, 'borg_remote_repo' => $configurationManager->borgRemoteRepo, 'borg_public_key' => $configurationManager->GetBorgPublicKey(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index bfdcd689..984943db 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -381,7 +381,7 @@ class ConfigurationManager } // Get the apache port - $port = $this->apache_port; + $port = $this->apachePort; if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { if ($port === '443') { @@ -568,7 +568,7 @@ class ConfigurationManager $this->set('password', $newPassword); } - public string $apache_port { + public string $apachePort { get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); set { $this->set('apache_port', $value); } } @@ -1057,7 +1057,7 @@ class ConfigurationManager 'AIO_URL' => $this->aioUrl, 'SELECTED_RESTORE_TIME' => $this->selectedRestoreTime, 'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '', - 'APACHE_PORT' => $this->apache_port, + 'APACHE_PORT' => $this->apachePort, 'APACHE_IP_BINDING' => $this->apacheIpBinding, 'TALK_PORT' => $this->talk_port, 'TURN_DOMAIN' => $this->turnDomain, diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 9e52fb5b..d4eac6b7 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -115,7 +115,7 @@ readonly class DockerActionManager { $containerName = $container->identifier; $internalPort = $container->internalPorts; if ($internalPort === '%APACHE_PORT%') { - $internalPort = $this->configurationManager->apache_port; + $internalPort = $this->configurationManager->apachePort; } elseif ($internalPort === '%TALK_PORT%') { $internalPort = $this->configurationManager->talk_port; } @@ -253,7 +253,7 @@ readonly class DockerActionManager { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { - $port = $this->configurationManager->apache_port; + $port = $this->configurationManager->apachePort; // Do not expose udp if AIO is in reverse proxy mode if ($port !== '443' && $protocol === 'udp') { continue; @@ -275,7 +275,7 @@ readonly class DockerActionManager { $port = $value->port; $protocol = $value->protocol; if ($port === '%APACHE_PORT%') { - $port = $this->configurationManager->apache_port; + $port = $this->configurationManager->apachePort; // Do not expose udp if AIO is in reverse proxy mode if ($port !== '443' && $protocol === 'udp') { continue; From f7c5115c7015083f273eb3930e13518fb12b50f1 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:40:23 +0100 Subject: [PATCH 1006/1064] Camelize property talk_port => talkPort Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- php/src/Docker/DockerActionManager.php | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index b7d07f6a..16e2918e 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -119,7 +119,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), - 'talk_port' => $configurationManager->talk_port, + 'talk_port' => $configurationManager->talkPort, 'collabora_dictionaries' => $configurationManager->collaboraDictionaries, 'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 984943db..d0c0020f 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -573,7 +573,7 @@ class ConfigurationManager set { $this->set('apache_port', $value); } } - public string $talk_port { + public string $talkPort { get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); set { $this->set('talk_port', $value); } } @@ -1059,7 +1059,7 @@ class ConfigurationManager 'RESTORE_EXCLUDE_PREVIEWS' => $this->restoreExcludePreviews ? '1' : '', 'APACHE_PORT' => $this->apachePort, 'APACHE_IP_BINDING' => $this->apacheIpBinding, - 'TALK_PORT' => $this->talk_port, + 'TALK_PORT' => $this->talkPort, 'TURN_DOMAIN' => $this->turnDomain, 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, 'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword, diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index d4eac6b7..e66989ca 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -117,7 +117,7 @@ readonly class DockerActionManager { if ($internalPort === '%APACHE_PORT%') { $internalPort = $this->configurationManager->apachePort; } elseif ($internalPort === '%TALK_PORT%') { - $internalPort = $this->configurationManager->talk_port; + $internalPort = $this->configurationManager->talkPort; } if ($internalPort !== "" && $internalPort !== 'host') { @@ -259,7 +259,7 @@ readonly class DockerActionManager { continue; } } else if ($port === '%TALK_PORT%') { - $port = $this->configurationManager->talk_port; + $port = $this->configurationManager->talkPort; } $portWithProtocol = $port . '/' . $protocol; $exposedPorts[$portWithProtocol] = null; @@ -281,7 +281,7 @@ readonly class DockerActionManager { continue; } } else if ($port === '%TALK_PORT%') { - $port = $this->configurationManager->talk_port; + $port = $this->configurationManager->talkPort; // Skip publishing talk tcp port if it is set to 443 if ($port === '443' && $protocol === 'tcp') { continue; From f35a0b43679feceae4fee98876a7cf17c5eb2881 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:41:26 +0100 Subject: [PATCH 1007/1064] Camelize property nextcloud_mount => nextcloudMount Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 4 ++-- php/src/Data/ConfigurationManager.php | 4 ++-- php/src/Docker/DockerActionManager.php | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 16e2918e..6319f632 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -128,7 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount, - 'nextcloud_mount' => $configurationManager->nextcloud_mount, + 'nextcloud_mount' => $configurationManager->nextcloudMount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 2884aa32..7ef6827f 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -119,7 +119,7 @@ readonly class ContainerDefinitionFetcher { } } if($value['source'] === '%NEXTCLOUD_MOUNT%') { - $value['source'] = $this->configurationManager->nextcloud_mount; + $value['source'] = $this->configurationManager->nextcloudMount; if($value['source'] === '') { continue; } @@ -140,7 +140,7 @@ readonly class ContainerDefinitionFetcher { } } if ($value['destination'] === '%NEXTCLOUD_MOUNT%') { - $value['destination'] = $this->configurationManager->nextcloud_mount; + $value['destination'] = $this->configurationManager->nextcloudMount; if($value['destination'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d0c0020f..d5ce251d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -626,7 +626,7 @@ class ConfigurationManager return trim((string)file_get_contents(DataConst::GetBackupPublicKey())); } - public string $nextcloud_mount { + public string $nextcloudMount { get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); set { $this->set('nextcloud_mount', $value); } } @@ -1061,7 +1061,7 @@ class ConfigurationManager 'APACHE_IP_BINDING' => $this->apacheIpBinding, 'TALK_PORT' => $this->talkPort, 'TURN_DOMAIN' => $this->turnDomain, - 'NEXTCLOUD_MOUNT' => $this->nextcloud_mount, + 'NEXTCLOUD_MOUNT' => $this->nextcloudMount, 'BACKUP_RESTORE_PASSWORD' => $this->borgRestorePassword, 'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '', 'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '', diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index e66989ca..12dd70ae 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -205,7 +205,7 @@ readonly class DockerActionManager { foreach ($container->volumes->GetVolumes() as $volume) { // // NEXTCLOUD_MOUNT gets added via bind-mount later on // if ($container->identifier === 'nextcloud-aio-nextcloud') { - // if ($volume->name === $this->configurationManager->nextcloud_mount) { + // if ($volume->name === $this->configurationManager->nextcloudMount) { // continue; // } // } From f5cf7903adfb4eec6e1906a86eb2aa7bdaad61d5 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:42:15 +0100 Subject: [PATCH 1008/1064] Camelize property nextcloud_datadir_mount => nextcloudDatadirMount Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 6319f632..0db30a1b 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -127,7 +127,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), - 'nextcloud_datadir' => $configurationManager->nextcloud_datadir_mount, + 'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount, 'nextcloud_mount' => $configurationManager->nextcloudMount, 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 7ef6827f..3bbc37e2 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -124,7 +124,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') { - $value['source'] = $this->configurationManager->nextcloud_datadir_mount; + $value['source'] = $this->configurationManager->nextcloudDatadirMount; if ($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d5ce251d..d1701a39 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -487,8 +487,8 @@ class ConfigurationManager // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore // See https://github.com/nextcloud/all-in-one/issues/6607 - if (str_starts_with($location . '/', rtrim($this->nextcloud_datadir_mount, '/') . '/')) { - throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloud_datadir_mount); + if (str_starts_with($location . '/', rtrim($this->nextcloudDatadirMount, '/') . '/')) { + throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->nextcloudDatadirMount); } } else { @@ -632,7 +632,7 @@ class ConfigurationManager } - public string $nextcloud_datadir_mount { + public string $nextcloudDatadirMount { get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); set { $this->set('nextcloud_datadir_mount', $value); } } From bbf41cfdd37b29d54b76dff4d67efe1e3df54b74 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:42:50 +0100 Subject: [PATCH 1009/1064] Camelize property nextcloud_upload_limit => nextcloudUploadLimit Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 0db30a1b..209f1d6d 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -129,7 +129,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount, 'nextcloud_mount' => $configurationManager->nextcloudMount, - 'nextcloud_upload_limit' => $configurationManager->nextcloud_upload_limit, + 'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit, 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d1701a39..ce547bf8 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -637,7 +637,7 @@ class ConfigurationManager set { $this->set('nextcloud_datadir_mount', $value); } } - public string $nextcloud_upload_limit { + public string $nextcloudUploadLimit { get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); set { $this->set('nextcloud_upload_limit', $value); } } @@ -648,7 +648,7 @@ class ConfigurationManager } public function GetApacheMaxSize() : int { - $uploadLimit = (int)rtrim($this->nextcloud_upload_limit, 'G'); + $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G'); return $uploadLimit * 1024 * 1024 * 1024; } @@ -1074,7 +1074,7 @@ class ConfigurationManager 'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '', 'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '', - 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloud_upload_limit, + 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit, 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit, 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, 'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(), From 8b8f60f76bf5595c7ff606510d7f05213cf8a47d Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:43:22 +0100 Subject: [PATCH 1010/1064] Camelize property nextcloud_memory_limit => nextcloudMemoryLimit Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 209f1d6d..47c6bb7b 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -131,7 +131,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_mount' => $configurationManager->nextcloudMount, 'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit, 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, - 'nextcloud_memory_limit' => $configurationManager->nextcloud_memory_limit, + 'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit, 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index ce547bf8..1530708a 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -642,7 +642,7 @@ class ConfigurationManager set { $this->set('nextcloud_upload_limit', $value); } } - public string $nextcloud_memory_limit { + public string $nextcloudMemoryLimit { get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); set { $this->set('nextcloud_memory_limit', $value); } } @@ -1075,7 +1075,7 @@ class ConfigurationManager 'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '', 'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '', 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit, - 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloud_memory_limit, + 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit, 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, 'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(), 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), From 0ed83c52588f9ebaffcce44a17365fb81b1ae9ff Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 23 Jan 2026 17:45:19 +0100 Subject: [PATCH 1011/1064] Move get-configurable-aio-variables.sh into php/ folder Signed-off-by: Pablo Zmdl --- .../get-configurable-aio-variables.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename get-configurable-aio-variables.sh => php/get-configurable-aio-variables.sh (100%) diff --git a/get-configurable-aio-variables.sh b/php/get-configurable-aio-variables.sh similarity index 100% rename from get-configurable-aio-variables.sh rename to php/get-configurable-aio-variables.sh From 365e1e34e4bc27fd2f8b4fd959e4cfb453cb4f08 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:06:53 +0100 Subject: [PATCH 1012/1064] Make 'borgRetentionPolicy' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 1530708a..ce3d321d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -657,11 +657,9 @@ class ConfigurationManager set { $this->set('nextcloud_max_time', $value); } } - public function GetBorgRetentionPolicy() : string { - $envVariableName = 'BORG_RETENTION_POLICY'; - $configName = 'borg_retention_policy'; - $defaultValue = '--keep-within=7d --keep-weekly=4 --keep-monthly=6'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $borgRetentionPolicy { + get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6'); + set { $this->set('borg_retention_policy', $value); } } public function GetFulltextsearchJavaOptions() : string { @@ -1077,7 +1075,7 @@ class ConfigurationManager 'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit, 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit, 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, - 'BORG_RETENTION_POLICY' => $this->GetBorgRetentionPolicy(), + 'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy, 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', From bfa2b64674843ea14a6542a0078fbe8576776e25 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:07:53 +0100 Subject: [PATCH 1013/1064] Make 'fulltextsearchJavaOptions' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index ce3d321d..41097c8d 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -662,11 +662,9 @@ class ConfigurationManager set { $this->set('borg_retention_policy', $value); } } - public function GetFulltextsearchJavaOptions() : string { - $envVariableName = 'FULLTEXTSEARCH_JAVA_OPTIONS'; - $configName = 'fulltextsearch_java_options'; - $defaultValue = '-Xms512M -Xmx512M'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $fulltextsearchJavaOptions { + get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M'); + set { $this->set('fulltextsearch_java_options', $value); } } public function GetDockerSocketPath() : string { @@ -1076,7 +1074,7 @@ class ConfigurationManager 'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit, 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, 'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy, - 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->GetFulltextsearchJavaOptions(), + 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions, 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', 'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation, From 63245430efa417d88ea7c13ffea433ea9bb069fe Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:08:44 +0100 Subject: [PATCH 1014/1064] Make 'dockerSocketPath' an attribute Signed-off-by: Pablo Zmdl --- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 3bbc37e2..ead82363 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -129,7 +129,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value['source'] === '%WATCHTOWER_DOCKER_SOCKET_PATH%') { - $value['source'] = $this->configurationManager->GetDockerSocketPath(); + $value['source'] = $this->configurationManager->dockerSocketPath; if($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 41097c8d..090762ae 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -667,11 +667,9 @@ class ConfigurationManager set { $this->set('fulltextsearch_java_options', $value); } } - public function GetDockerSocketPath() : string { - $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH'; - $configName = 'docker_socket_path'; - $defaultValue = '/var/run/docker.sock'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $dockerSocketPath { + get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock'); + set { $this->set('docker_socket_path', $value); } } public function GetTrustedCacertsDir() : string { From 4ad8fcf2581f7d39b2dda9912cd4f89e511fd328 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:09:32 +0100 Subject: [PATCH 1015/1064] Make 'trustedCacertsDir' an attribute Signed-off-by: Pablo Zmdl --- php/src/ContainerDefinitionFetcher.php | 2 +- php/src/Data/ConfigurationManager.php | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index ead82363..831a7bc5 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -134,7 +134,7 @@ readonly class ContainerDefinitionFetcher { continue; } } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') { - $value['source'] = $this->configurationManager->GetTrustedCacertsDir(); + $value['source'] = $this->configurationManager->trustedCacertsDir; if($value['source'] === '') { continue; } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 090762ae..63862c91 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -672,11 +672,9 @@ class ConfigurationManager set { $this->set('docker_socket_path', $value); } } - public function GetTrustedCacertsDir() : string { - $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR'; - $configName = 'trusted_cacerts_dir'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $trustedCacertsDir { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', ''); + set { $this->set('trusted_cacerts_dir', $value); } } public function GetNextcloudAdditionalApks() : string { @@ -1073,7 +1071,7 @@ class ConfigurationManager 'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime, 'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy, 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions, - 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->GetTrustedCacertsDir(), + 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->trustedCacertsDir, 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', 'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation, 'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()), From d50dc2db1de2a7fe741db56db2f8dc9f6ae7c62b Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:10:08 +0100 Subject: [PATCH 1016/1064] Make 'nextcloudAdditionalApks' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 63862c91..6e62be77 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -677,11 +677,9 @@ class ConfigurationManager set { $this->set('trusted_cacerts_dir', $value); } } - public function GetNextcloudAdditionalApks() : string { - $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS'; - $configName = 'nextcloud_additional_apks'; - $defaultValue = 'imagemagick'; - return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue)); + public string $nextcloudAdditionalApks { + get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick')); + set { $this->set('nextcloud_addtional_apks', $value); } } public function GetNextcloudAdditionalPhpExtensions() : string { @@ -1077,7 +1075,7 @@ class ConfigurationManager 'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()), 'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(), 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), - 'NEXTCLOUD_ADDITIONAL_APKS' => $this->GetNextcloudAdditionalApks(), + 'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks, 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(), 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor, 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', From c3477a7eb206aff3653a036395c4591068e85e96 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:10:35 +0100 Subject: [PATCH 1017/1064] Make 'nextcloudAdditionalPhpExtensions' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 6e62be77..c3f32f02 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -682,11 +682,9 @@ class ConfigurationManager set { $this->set('nextcloud_addtional_apks', $value); } } - public function GetNextcloudAdditionalPhpExtensions() : string { - $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'; - $configName = 'nextcloud_additional_php_extensions'; - $defaultValue = 'imagick'; - return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue)); + public string $nextcloudAdditionalPhpExtensions { + get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick')); + set { $this->set('nextcloud_additional_php_extensions', $value); } } public function GetCollaboraSeccompPolicy() : string { @@ -1076,7 +1074,7 @@ class ConfigurationManager 'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(), 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks, - 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->GetNextcloudAdditionalPhpExtensions(), + 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions, 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor, 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) From 22a26268e07308af0419739a56e0ad1f7d5517f3 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:27:55 +0100 Subject: [PATCH 1018/1064] Helper to booleanize environment-or-config-values Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index c3f32f02..c35f7ff9 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -1085,4 +1085,8 @@ class ConfigurationManager default => $this->GetRegisteredSecret($placeholder), }; } + + private function booleanize(mixed $value) : bool { + return in_array($value, [true, 'true'], true); + } } From dc5dc0215c1d304dc45e621f124fe3e2960d5389 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:12:01 +0100 Subject: [PATCH 1019/1064] Make 'collaboraSeccompDisabled' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 16 +++++----------- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index c35f7ff9..8e316b19 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -114,7 +114,7 @@ class ConfigurationManager // Type-cast because old configs could have 1/0 for this key. get => (bool) $this->get('isFulltextsearchEnabled', false); // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 - set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); } + set { $this->set('isFulltextsearchEnabled', ($this->collaboraSeccompDisabled && $value)); } } public string $domain { @@ -689,21 +689,15 @@ class ConfigurationManager public function GetCollaboraSeccompPolicy() : string { $defaultString = '--o:security.seccomp='; - if (!$this->isSeccompDisabled()) { + if (!$this->collaboraSeccompDisabled) { return $defaultString . 'true'; } return $defaultString . 'false'; } - private function GetCollaboraSeccompDisabledState() : string { - $envVariableName = 'COLLABORA_SECCOMP_DISABLED'; - $configName = 'collabora_seccomp_disabled'; - $defaultValue = 'false'; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); - } - - public function isSeccompDisabled() : bool { - return $this->GetCollaboraSeccompDisabledState() === 'true'; + public bool $collaboraSeccompDisabled { + get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); + set { $this->set('collabora_seccomp_disabled', $value); } } /** diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 12dd70ae..47522e23 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -412,7 +412,7 @@ readonly class DockerActionManager { // Special things for the collabora container which should not be exposed in the containers.json } elseif ($container->identifier === 'nextcloud-aio-collabora') { - if (!$this->configurationManager->isSeccompDisabled()) { + if (!$this->configurationManager->collaboraSeccompDisabled) { // Load reference seccomp profile for collabora $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath()); $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"]; From 08438aff4259eee999c4f3e1c380190f024ec28d Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:12:41 +0100 Subject: [PATCH 1020/1064] Make 'apacheAdditionalNetwork' an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 8 +++----- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 8e316b19..d5a5e4f0 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -874,11 +874,9 @@ class ConfigurationManager $this->set('collabora_additional_options', ''); } - public function GetApacheAdditionalNetwork() : string { - $envVariableName = 'APACHE_ADDITIONAL_NETWORK'; - $configName = 'apache_additional_network'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public string $apacheAdditionalNetwork { + get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); + set { $this->set('apache_additional_network', $value); } } private function GetDisableBackupSection() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 47522e23..fd6334c6 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -837,7 +837,7 @@ readonly class DockerActionManager { $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias); if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') { - $apacheAdditionalNetwork = $this->configurationManager->GetApacheAdditionalNetwork(); + $apacheAdditionalNetwork = $this->configurationManager->apacheAdditionalNetwork; if ($apacheAdditionalNetwork !== '') { $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias); } From 0cb79a387fe128b158f6d7e784b3f47ff5c083be Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:19:57 +0100 Subject: [PATCH 1021/1064] Make 'disableBackupSection' an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 16 +++------------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 47c6bb7b..07837125 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -123,7 +123,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'collabora_dictionaries' => $configurationManager->collaboraDictionaries, 'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions, 'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(), - 'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(), + 'is_backup_section_enabled' => !$configurationManager->disableBackupSection, 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d5a5e4f0..d1825552 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -879,19 +879,9 @@ class ConfigurationManager set { $this->set('apache_additional_network', $value); } } - private function GetDisableBackupSection() : string { - $envVariableName = 'AIO_DISABLE_BACKUP_SECTION'; - $configName = 'disable_backup_section'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); - } - - public function isBackupSectionEnabled() : bool { - if ($this->GetDisableBackupSection() === 'true') { - return false; - } else { - return true; - } + public bool $disableBackupSection { + get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); + set { $this->set('disable_backup_section', $value); } } public function listAvailableCommunityContainers() : array { From 5fc4951ba0d4ecfb56bf6f0cfe3c983cef89ad2c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:26:39 +0100 Subject: [PATCH 1022/1064] Make 'nextcloudEnableDriDevice' an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 16 +++------------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 5 insertions(+), 15 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 07837125..519ec71a 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -132,7 +132,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit, 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, 'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit, - 'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(), + 'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice, 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled, 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index d1825552..afbe9fbc 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -919,19 +919,9 @@ class ConfigurationManager return $cc; } - private function GetEnabledDriDevice() : string { - $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE'; - $configName = 'nextcloud_enable_dri_device'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); - } - - public function isDriDeviceEnabled() : bool { - if ($this->GetEnabledDriDevice() === 'true') { - return true; - } else { - return false; - } + public bool $nextcloudEnableDriDevice{ + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); + set { $this->set('nextcloud_enable_dri_device', $value); } } private function GetEnabledNvidiaGpu() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index fd6334c6..31ad2371 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -307,7 +307,7 @@ readonly class DockerActionManager { $devices = []; foreach ($container->devices as $device) { - if ($device === '/dev/dri' && !$this->configurationManager->isDriDeviceEnabled()) { + if ($device === '/dev/dri' && !$this->configurationManager->nextcloudEnableDriDevice) { continue; } $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"]; From 5bdcfd67eb54aa14401a75bb54d92466c73896fe Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:27:31 +0100 Subject: [PATCH 1023/1064] Make 'enableNvidiaGpu' an attribute Signed-off-by: Pablo Zmdl --- php/public/index.php | 2 +- php/src/Data/ConfigurationManager.php | 14 ++++---------- php/src/Docker/DockerActionManager.php | 2 +- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 519ec71a..1ec42949 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -133,7 +133,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'nextcloud_max_time' => $configurationManager->nextcloudMaxTime, 'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit, 'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice, - 'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(), + 'is_nvidia_gpu_enabled' => $configurationManager->enableNvidiaGpu, 'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled, 'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled, 'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled, diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index afbe9fbc..e03e2bfb 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -923,16 +923,10 @@ class ConfigurationManager get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); set { $this->set('nextcloud_enable_dri_device', $value); } } - - private function GetEnabledNvidiaGpu() : string { - $envVariableName = 'NEXTCLOUD_ENABLE_NVIDIA_GPU'; - $configName = 'enable_nvidia_gpu'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); - } - - public function isNvidiaGpuEnabled() : bool { - return $this->GetEnabledNvidiaGpu() === 'true'; + + public bool $enableNvidiaGpu { + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); + set { $this->set('enable_nvidia_gpu', $value); } } private function GetKeepDisabledApps() : string { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 31ad2371..509f4c28 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -317,7 +317,7 @@ readonly class DockerActionManager { $requestBody['HostConfig']['Devices'] = $devices; } - if ($container->enableNvidiaGpu && $this->configurationManager->isNvidiaGpuEnabled()) { + if ($container->enableNvidiaGpu && $this->configurationManager->enableNvidiaGpu) { $requestBody['HostConfig']['Runtime'] = 'nvidia'; $requestBody['HostConfig']['DeviceRequests'] = [ [ From 3cfe307a5cb7651cb0b54bb7db5f4fac28c64b7c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:39:40 +0100 Subject: [PATCH 1024/1064] Make `nextcloudKeepDisabledApps` an attribute Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e03e2bfb..57071d91 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -929,21 +929,11 @@ class ConfigurationManager set { $this->set('enable_nvidia_gpu', $value); } } - private function GetKeepDisabledApps() : string { - $envVariableName = 'NEXTCLOUD_KEEP_DISABLED_APPS'; - $configName = 'nextcloud_keep_disabled_apps'; - $defaultValue = ''; - return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); + public bool $nextcloudKeepDisabledApps { + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); + set { $this->set('nextcloud_keep_disabled_apps', $value); } } - public function shouldDisabledAppsGetRemoved() : bool { - if ($this->GetKeepDisabledApps() === 'true') { - return false; - } else { - return true; - } - } - private function camelize(string $input, string $delimiter = '_') : string { return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input))))); @@ -1042,7 +1032,7 @@ class ConfigurationManager 'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks, 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions, 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor, - 'REMOVE_DISABLED_APPS' => $this->shouldDisabledAppsGetRemoved() ? 'yes' : '', + 'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), // Allow to get local ip-address of caddy container and add it to trusted proxies automatically From 078f3caf8aa180ff74ad906652d11757823576f2 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 26 Jan 2026 10:48:33 +0100 Subject: [PATCH 1025/1064] Move all properties to the top of the file Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 201 +++++++++++++------------- 1 file changed, 100 insertions(+), 101 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 57071d91..19b0a7bb 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -188,6 +188,106 @@ class ConfigurationManager set { $this->set('turn_domain', $value); } } + public string $apachePort { + get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); + set { $this->set('apache_port', $value); } + } + + public string $talkPort { + get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); + set { $this->set('talk_port', $value); } + } + + public string $nextcloudMount { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); + set { $this->set('nextcloud_mount', $value); } + } + + public string $nextcloudDatadirMount { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); + set { $this->set('nextcloud_datadir_mount', $value); } + } + + public string $nextcloudUploadLimit { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); + set { $this->set('nextcloud_upload_limit', $value); } + } + + public string $nextcloudMemoryLimit { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); + set { $this->set('nextcloud_memory_limit', $value); } + } + + public function GetApacheMaxSize() : int { + $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G'); + return $uploadLimit * 1024 * 1024 * 1024; + } + + public string $nextcloudMaxTime { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); + set { $this->set('nextcloud_max_time', $value); } + } + + public string $borgRetentionPolicy { + get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6'); + set { $this->set('borg_retention_policy', $value); } + } + + public string $fulltextsearchJavaOptions { + get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M'); + set { $this->set('fulltextsearch_java_options', $value); } + } + + public string $dockerSocketPath { + get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock'); + set { $this->set('docker_socket_path', $value); } + } + + public string $trustedCacertsDir { + get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', ''); + set { $this->set('trusted_cacerts_dir', $value); } + } + + public string $nextcloudAdditionalApks { + get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick')); + set { $this->set('nextcloud_addtional_apks', $value); } + } + + public string $nextcloudAdditionalPhpExtensions { + get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick')); + set { $this->set('nextcloud_additional_php_extensions', $value); } + } + + public bool $collaboraSeccompDisabled { + get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); + set { $this->set('collabora_seccomp_disabled', $value); } + } + + public string $apacheAdditionalNetwork { + get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); + set { $this->set('apache_additional_network', $value); } + } + + public bool $disableBackupSection { + get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); + set { $this->set('disable_backup_section', $value); } + } + + public bool $nextcloudEnableDriDevice{ + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); + set { $this->set('nextcloud_enable_dri_device', $value); } + } + + public bool $enableNvidiaGpu { + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); + set { $this->set('enable_nvidia_gpu', $value); } + } + + public bool $nextcloudKeepDisabledApps { + get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); + set { $this->set('nextcloud_keep_disabled_apps', $value); } + } + private function GetConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) @@ -568,16 +668,6 @@ class ConfigurationManager $this->set('password', $newPassword); } - public string $apachePort { - get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); - set { $this->set('apache_port', $value); } - } - - public string $talkPort { - get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); - set { $this->set('talk_port', $value); } - } - /** * @throws InvalidSettingConfigurationException */ @@ -626,67 +716,6 @@ class ConfigurationManager return trim((string)file_get_contents(DataConst::GetBackupPublicKey())); } - public string $nextcloudMount { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); - set { $this->set('nextcloud_mount', $value); } - } - - - public string $nextcloudDatadirMount { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); - set { $this->set('nextcloud_datadir_mount', $value); } - } - - public string $nextcloudUploadLimit { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); - set { $this->set('nextcloud_upload_limit', $value); } - } - - public string $nextcloudMemoryLimit { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); - set { $this->set('nextcloud_memory_limit', $value); } - } - - public function GetApacheMaxSize() : int { - $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G'); - return $uploadLimit * 1024 * 1024 * 1024; - } - - public string $nextcloudMaxTime { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); - set { $this->set('nextcloud_max_time', $value); } - } - - public string $borgRetentionPolicy { - get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6'); - set { $this->set('borg_retention_policy', $value); } - } - - public string $fulltextsearchJavaOptions { - get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M'); - set { $this->set('fulltextsearch_java_options', $value); } - } - - public string $dockerSocketPath { - get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock'); - set { $this->set('docker_socket_path', $value); } - } - - public string $trustedCacertsDir { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', ''); - set { $this->set('trusted_cacerts_dir', $value); } - } - - public string $nextcloudAdditionalApks { - get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick')); - set { $this->set('nextcloud_addtional_apks', $value); } - } - - public string $nextcloudAdditionalPhpExtensions { - get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick')); - set { $this->set('nextcloud_additional_php_extensions', $value); } - } - public function GetCollaboraSeccompPolicy() : string { $defaultString = '--o:security.seccomp='; if (!$this->collaboraSeccompDisabled) { @@ -695,11 +724,6 @@ class ConfigurationManager return $defaultString . 'false'; } - public bool $collaboraSeccompDisabled { - get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); - set { $this->set('collabora_seccomp_disabled', $value); } - } - /** * @throws InvalidSettingConfigurationException */ @@ -874,16 +898,6 @@ class ConfigurationManager $this->set('collabora_additional_options', ''); } - public string $apacheAdditionalNetwork { - get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); - set { $this->set('apache_additional_network', $value); } - } - - public bool $disableBackupSection { - get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); - set { $this->set('disable_backup_section', $value); } - } - public function listAvailableCommunityContainers() : array { $cc = []; $dir = scandir(DataConst::GetCommunityContainersDirectory()); @@ -919,21 +933,6 @@ class ConfigurationManager return $cc; } - public bool $nextcloudEnableDriDevice{ - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); - set { $this->set('nextcloud_enable_dri_device', $value); } - } - - public bool $enableNvidiaGpu { - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); - set { $this->set('enable_nvidia_gpu', $value); } - } - - public bool $nextcloudKeepDisabledApps { - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); - set { $this->set('nextcloud_keep_disabled_apps', $value); } - } - private function camelize(string $input, string $delimiter = '_') : string { return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input))))); From ec66b359e0d3aaa1324abc172df9645c07a89ba4 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 27 Jan 2026 10:52:20 +0100 Subject: [PATCH 1026/1064] Check arguments to camelize() for usefulness Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 19b0a7bb..06122839 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -934,6 +934,12 @@ class ConfigurationManager } private function camelize(string $input, string $delimiter = '_') : string { + if ($input === '') { + throw new InvalidSettingConfigurationException('input cannot be empty!'); + } + if ($delimiter === '') { + $delimiter = '_'; + } return lcfirst(implode("", array_map('ucfirst', explode($delimiter, strtolower($input))))); } From 659b1ca383c575d27fba77f1b0d9d1f4624a6281 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 27 Jan 2026 10:58:25 +0100 Subject: [PATCH 1027/1064] Fix calling booleanize Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 06122839..e592286c 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -259,7 +259,7 @@ class ConfigurationManager } public bool $collaboraSeccompDisabled { - get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); + get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); set { $this->set('collabora_seccomp_disabled', $value); } } @@ -269,22 +269,22 @@ class ConfigurationManager } public bool $disableBackupSection { - get => booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); + get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); set { $this->set('disable_backup_section', $value); } } public bool $nextcloudEnableDriDevice{ - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); + get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); set { $this->set('nextcloud_enable_dri_device', $value); } } public bool $enableNvidiaGpu { - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); + get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); set { $this->set('enable_nvidia_gpu', $value); } } public bool $nextcloudKeepDisabledApps { - get => booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); + get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); set { $this->set('nextcloud_keep_disabled_apps', $value); } } From d9d4e3680f94ec14bb32ee534e019868ca7e8db7 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 27 Jan 2026 11:55:24 +0100 Subject: [PATCH 1028/1064] Fix residue from change to use start/commitTransaction() Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e592286c..c8f09890 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -954,17 +954,17 @@ class ConfigurationManager error_log("Invalid input: '$variable' is not a string or does not contain an equal sign ('=')"); continue; } - $keyWithValue = $confManager->replaceEnvPlaceholders($variable); + $keyWithValue = $this->replaceEnvPlaceholders($variable); // Pad the result with nulls so psalm is happy (and we don't risk to run into warnings in case // the check for an equal sign from above gets changed). [$key, $value] = explode('=', $keyWithValue, 2) + [null, null]; $key = $this->camelize($key); if ($value === null) { error_log("Invalid input: '$keyWithValue' has no value after the equal sign"); - } else if (!property_exists($confManager, $key)) { + } else if (!property_exists($this, $key)) { error_log("Error: '$key' is not a valid configuration key (in '$keyWithValue')"); } else { - $confManager->$key = $value; + $this->$key = $value; } } $this->commitTransaction(); From 5b6e0f30a6de38e1ec281443d8b0ce1121fcc0ed Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 27 Jan 2026 12:04:55 +0100 Subject: [PATCH 1029/1064] Fix assignment of INSTALL_LATEST_MAJOR from env replacement Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index c8f09890..25263b50 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -1036,7 +1036,7 @@ class ConfigurationManager 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks, 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions, - 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor, + 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '', 'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes', // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then) 'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'), From 5ba678c0820e748bad54a6748ad65f693b5a40bd Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 28 Jan 2026 12:08:07 +0100 Subject: [PATCH 1030/1064] Non-functional addition to camelizing nextcloud_mount to nextcloudMount Signed-off-by: Pablo Zmdl --- php/src/Docker/DockerActionManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 509f4c28..db48dc2c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -400,7 +400,7 @@ readonly class DockerActionManager { // // Special things for the nextcloud container which should not be exposed in the containers.json // } elseif ($container->identifier === 'nextcloud-aio-nextcloud') { // foreach ($container->volumes->GetVolumes() as $volume) { - // if ($volume->name !== $this->configurationManager->nextcloud_mount) { + // if ($volume->name !== $this->configurationManager->nextcloudMount) { // continue; // } // $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]]; From 0ee76078ad32f2d7dd46c38c839965c083b6527b Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 28 Jan 2026 12:03:53 +0000 Subject: [PATCH 1031/1064] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index ee344d52..77403624 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4058,16 +4058,16 @@ }, { "name": "symfony/finder", - "version": "v6.4.32", + "version": "v6.4.33", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de" + "reference": "24965ca011dac87431729640feef8bcf7b5523e0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de", - "reference": "3ec24885c1d9ababbb9c8f63bb42fea3c8c9b6de", + "url": "https://api.github.com/repos/symfony/finder/zipball/24965ca011dac87431729640feef8bcf7b5523e0", + "reference": "24965ca011dac87431729640feef8bcf7b5523e0", "shasum": "" }, "require": { @@ -4102,7 +4102,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.32" + "source": "https://github.com/symfony/finder/tree/v6.4.33" }, "funding": [ { @@ -4122,7 +4122,7 @@ "type": "tidelift" } ], - "time": "2026-01-10T14:09:00+00:00" + "time": "2026-01-26T13:03:48+00:00" }, { "name": "symfony/polyfill-intl-grapheme", From 27020e608de07b035ff53eb508a41e680b06db2c Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 28 Jan 2026 13:28:07 +0100 Subject: [PATCH 1032/1064] fix get-configurable-aio-variables.sh script Signed-off-by: Simon L. Signed-off-by: Simon L. --- php/get-configurable-aio-variables.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/get-configurable-aio-variables.sh b/php/get-configurable-aio-variables.sh index 44536bd3..3093e1e0 100755 --- a/php/get-configurable-aio-variables.sh +++ b/php/get-configurable-aio-variables.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -awk '/^ public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' php/src/Data/ConfigurationManager.php | sort +awk '/^ public [^f][^u][^n]/ { sub(/\$/, "", $3); print $3 }' src/Data/ConfigurationManager.php | sort From 9871a3eb9a75910d32e5aa4c806a5e3ed1264f05 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 16 Jan 2026 15:22:18 +0100 Subject: [PATCH 1033/1064] insert the AIO version into Nextcloud's system config Signed-off-by: Simon L. --- php/containers.json | 1 + php/src/Data/ConfigurationManager.php | 9 +++++++++ php/src/Data/DataConst.php | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/php/containers.json b/php/containers.json index 8c507f91..8e9218ac 100644 --- a/php/containers.json +++ b/php/containers.json @@ -219,6 +219,7 @@ "SIGNALING_SECRET=%SIGNALING_SECRET%", "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%", "AIO_URL=%AIO_URL%", + "NC_AIO_VERSION=v%AIO_VERSION%", "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%", "CLAMAV_ENABLED=%CLAMAV_ENABLED%", "CLAMAV_HOST=nextcloud-aio-clamav", diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 25263b50..124e78c6 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -420,6 +420,14 @@ class ConfigurationManager return $backupTimes; } + public function getAioVersion() : string { + $path = DataConst::GetAioVersionFile(); + if ($path !== '' && file_exists($path)) { + return trim((string)file_get_contents($path)); + } + return ''; + } + private function isx64Platform() : bool { if (php_uname('m') === 'x86_64') { return true; @@ -1043,6 +1051,7 @@ class ConfigurationManager // Allow to get local ip-address of caddy container and add it to trusted proxies automatically 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '', + 'AIO_VERSION' => $this->getAioVersion(), default => $this->GetRegisteredSecret($placeholder), }; } diff --git a/php/src/Data/DataConst.php b/php/src/Data/DataConst.php index 9111a98a..9272e3d4 100644 --- a/php/src/Data/DataConst.php +++ b/php/src/Data/DataConst.php @@ -66,4 +66,8 @@ class DataConst { public static function GetContainersDefinitionPath() : string { return (string)realpath(__DIR__ . '/../../containers.json'); } + + public static function GetAioVersionFile() : string { + return (string)realpath(__DIR__ . '/../../templates/includes/aio-version.twig'); + } } From bf43a6dae6e1a760f79ca33f800991e355c6c061 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Wed, 28 Jan 2026 16:51:36 +0100 Subject: [PATCH 1034/1064] Lower case method names in ConfigurationManager Signed-off-by: Pablo Zmdl --- php/public/index.php | 14 +- php/src/ContainerDefinitionFetcher.php | 2 +- .../Controller/ConfigurationController.php | 18 +-- php/src/Data/ConfigurationManager.php | 134 +++++++++--------- php/src/Docker/DockerActionManager.php | 4 +- 5 files changed, 86 insertions(+), 86 deletions(-) diff --git a/php/public/index.php b/php/public/index.php index 1ec42949..cc06bb90 100644 --- a/php/public/index.php +++ b/php/public/index.php @@ -95,10 +95,10 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'apache_port' => $configurationManager->apachePort, 'borg_backup_host_location' => $configurationManager->borgBackupHostLocation, 'borg_remote_repo' => $configurationManager->borgRemoteRepo, - 'borg_public_key' => $configurationManager->GetBorgPublicKey(), - 'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'), + 'borg_public_key' => $configurationManager->getBorgPublicKey(), + 'nextcloud_password' => $configurationManager->getAndGenerateSecret('NEXTCLOUD_PASSWORD'), 'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(), - 'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'), + 'borgbackup_password' => $configurationManager->getAndGenerateSecret('BORGBACKUP_PASSWORD'), 'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ), 'has_backup_run_once' => $configurationManager->hasBackupRunOnce(), 'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(), @@ -107,15 +107,15 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'borg_backup_mode' => $configurationManager->backupMode, 'was_start_button_clicked' => $configurationManager->wasStartButtonClicked, 'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(), - 'last_backup_time' => $configurationManager->GetLastBackupTime(), - 'backup_times' => $configurationManager->GetBackupTimes(), + 'last_backup_time' => $configurationManager->getLastBackupTime(), + 'backup_times' => $configurationManager->getBackupTimes(), 'current_channel' => $dockerActionManager->GetCurrentChannel(), 'is_clamav_enabled' => $configurationManager->isClamavEnabled, 'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled, 'is_collabora_enabled' => $configurationManager->isCollaboraEnabled, 'is_talk_enabled' => $configurationManager->isTalkEnabled, 'borg_restore_password' => $configurationManager->borgRestorePassword, - 'daily_backup_time' => $configurationManager->GetDailyBackupTime(), + 'daily_backup_time' => $configurationManager->getDailyBackupTime(), 'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(), 'timezone' => $configurationManager->timezone, 'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation), @@ -126,7 +126,7 @@ $app->get('/containers', function (Request $request, Response $response, array $ 'is_backup_section_enabled' => !$configurationManager->disableBackupSection, 'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled, 'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled, - 'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(), + 'additional_backup_directories' => $configurationManager->getAdditionalBackupDirectoriesString(), 'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount, 'nextcloud_mount' => $configurationManager->nextcloudMount, 'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit, diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index 831a7bc5..d2519ed7 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php @@ -246,7 +246,7 @@ readonly class ContainerDefinitionFetcher { // All secrets are registered with the configuration when they // are discovered so they can be later generated at time-of-use. foreach ($entry['secrets'] as $secret) { - $this->configurationManager->RegisterSecret($secret); + $this->configurationManager->registerSecret($secret); } } diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index 8bf193e0..bb55e10f 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -20,26 +20,26 @@ readonly class ConfigurationController { if (isset($request->getParsedBody()['domain'])) { $domain = $request->getParsedBody()['domain'] ?? ''; $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']); - $this->configurationManager->SetDomain($domain, $skipDomainValidation); + $this->configurationManager->setDomain($domain, $skipDomainValidation); } if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) { $currentMasterPassword = $request->getParsedBody()['current-master-password'] ?? ''; $newMasterPassword = $request->getParsedBody()['new-master-password'] ?? ''; - $this->configurationManager->ChangeMasterPassword($currentMasterPassword, $newMasterPassword); + $this->configurationManager->changeMasterPassword($currentMasterPassword, $newMasterPassword); } if (isset($request->getParsedBody()['borg_backup_host_location']) || isset($request->getParsedBody()['borg_remote_repo'])) { $location = $request->getParsedBody()['borg_backup_host_location'] ?? ''; $borgRemoteRepo = $request->getParsedBody()['borg_remote_repo'] ?? ''; - $this->configurationManager->SetBorgLocationVars($location, $borgRemoteRepo); + $this->configurationManager->setBorgLocationVars($location, $borgRemoteRepo); } if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_remote_repo']) || isset($request->getParsedBody()['borg_restore_password'])) { $restoreLocation = $request->getParsedBody()['borg_restore_host_location'] ?? ''; $borgRemoteRepo = $request->getParsedBody()['borg_restore_remote_repo'] ?? ''; $borgPassword = $request->getParsedBody()['borg_restore_password'] ?? ''; - $this->configurationManager->SetBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword); + $this->configurationManager->setBorgRestoreLocationVarsAndPassword($restoreLocation, $borgRemoteRepo, $borgPassword); } if (isset($request->getParsedBody()['daily_backup_time'])) { @@ -54,16 +54,16 @@ readonly class ConfigurationController { $successNotification = false; } $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? ''; - $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification); + $this->configurationManager->setDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates, $successNotification); } if (isset($request->getParsedBody()['delete_daily_backup_time'])) { - $this->configurationManager->DeleteDailyBackupTime(); + $this->configurationManager->deleteDailyBackupTime(); } if (isset($request->getParsedBody()['additional_backup_directories'])) { $additionalBackupDirectories = $request->getParsedBody()['additional_backup_directories'] ?? ''; - $this->configurationManager->SetAdditionalBackupDirectories($additionalBackupDirectories); + $this->configurationManager->setAdditionalBackupDirectories($additionalBackupDirectories); } if (isset($request->getParsedBody()['delete_timezone'])) { @@ -112,7 +112,7 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) { - $this->configurationManager->DeleteCollaboraDictionaries(); + $this->configurationManager->deleteCollaboraDictionaries(); } if (isset($request->getParsedBody()['collabora_dictionaries'])) { @@ -130,7 +130,7 @@ readonly class ConfigurationController { } if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) { - $this->configurationManager->DeleteBorgBackupLocationItems(); + $this->configurationManager->deleteBorgBackupLocationItems(); } return $response->withStatus(201)->withHeader('Location', '.'); diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 124e78c6..e65d5504 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -119,7 +119,7 @@ class ConfigurationManager public string $domain { get => $this->get('domain', ''); - set { $this->SetDomain($value); } + set { $this->setDomain($value); } } public string $borgBackupHostLocation { @@ -138,7 +138,7 @@ class ConfigurationManager } public string $apacheIpBinding { - get => $this->GetEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', ''); + get => $this->getEnvironmentalVariableOrConfig('APACHE_IP_BINDING', 'apache_ip_binding', ''); set { $this->set('apache_ip_binding', $value); } } @@ -189,106 +189,106 @@ class ConfigurationManager } public string $apachePort { - get => $this->GetEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); + get => $this->getEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443'); set { $this->set('apache_port', $value); } } public string $talkPort { - get => $this->GetEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); + get => $this->getEnvironmentalVariableOrConfig('TALK_PORT', 'talk_port', '3478'); set { $this->set('talk_port', $value); } } public string $nextcloudMount { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MOUNT', 'nextcloud_mount', ''); set { $this->set('nextcloud_mount', $value); } } public string $nextcloudDatadirMount { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_DATADIR', 'nextcloud_datadir', 'nextcloud_aio_nextcloud_data'); set { $this->set('nextcloud_datadir_mount', $value); } } public string $nextcloudUploadLimit { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_UPLOAD_LIMIT', 'nextcloud_upload_limit', '16G'); set { $this->set('nextcloud_upload_limit', $value); } } public string $nextcloudMemoryLimit { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MEMORY_LIMIT', 'nextcloud_memory_limit', '512M'); set { $this->set('nextcloud_memory_limit', $value); } } - public function GetApacheMaxSize() : int { + public function getApacheMaxSize() : int { $uploadLimit = (int)rtrim($this->nextcloudUploadLimit, 'G'); return $uploadLimit * 1024 * 1024 * 1024; } public string $nextcloudMaxTime { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_MAX_TIME', 'nextcloud_max_time', '3600'); set { $this->set('nextcloud_max_time', $value); } } public string $borgRetentionPolicy { - get => $this->GetEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6'); + get => $this->getEnvironmentalVariableOrConfig('BORG_RETENTION_POLICY', 'borg_retention_policy', '--keep-within=7d --keep-weekly=4 --keep-monthly=6'); set { $this->set('borg_retention_policy', $value); } } public string $fulltextsearchJavaOptions { - get => $this->GetEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M'); + get => $this->getEnvironmentalVariableOrConfig('FULLTEXTSEARCH_JAVA_OPTIONS', 'fulltextsearch_java_options', '-Xms512M -Xmx512M'); set { $this->set('fulltextsearch_java_options', $value); } } public string $dockerSocketPath { - get => $this->GetEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock'); + get => $this->getEnvironmentalVariableOrConfig('WATCHTOWER_DOCKER_SOCKET_PATH', 'docker_socket_path', '/var/run/docker.sock'); set { $this->set('docker_socket_path', $value); } } public string $trustedCacertsDir { - get => $this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', ''); + get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', ''); set { $this->set('trusted_cacerts_dir', $value); } } public string $nextcloudAdditionalApks { - get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick')); + get => trim($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_APKS', 'nextcloud_additional_apks', 'imagemagick')); set { $this->set('nextcloud_addtional_apks', $value); } } public string $nextcloudAdditionalPhpExtensions { - get => trim($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick')); + get => trim($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS', 'nextcloud_additional_php_extensions', 'imagick')); set { $this->set('nextcloud_additional_php_extensions', $value); } } public bool $collaboraSeccompDisabled { - get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); + get => $this->booleanize($this->getEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', '')); set { $this->set('collabora_seccomp_disabled', $value); } } public string $apacheAdditionalNetwork { - get => $this->GetEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); + get => $this->getEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); set { $this->set('apache_additional_network', $value); } } public bool $disableBackupSection { - get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); + get => $this->booleanize($this->getEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); set { $this->set('disable_backup_section', $value); } } public bool $nextcloudEnableDriDevice{ - get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); + get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_DRI_DEVICE', 'nextcloud_enable_dri_device', '')); set { $this->set('nextcloud_enable_dri_device', $value); } } public bool $enableNvidiaGpu { - get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); + get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_ENABLE_NVIDIA_GPU', 'enable_nvidia_gpu', '')); set { $this->set('enable_nvidia_gpu', $value); } } public bool $nextcloudKeepDisabledApps { - get => $this->booleanize($this->GetEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); + get => $this->booleanize($this->getEnvironmentalVariableOrConfig('NEXTCLOUD_KEEP_DISABLED_APPS', 'nextcloud_keep_disabled_apps', '')); set { $this->set('nextcloud_keep_disabled_apps', $value); } } - private function GetConfig() : array + private function getConfig() : array { if ($this->config === [] && file_exists(DataConst::GetConfigFile())) { @@ -300,15 +300,15 @@ class ConfigurationManager } private function get(string $key, mixed $fallbackValue = null) : mixed { - return $this->GetConfig()[$key] ?? $fallbackValue; + return $this->getConfig()[$key] ?? $fallbackValue; } private function set(string $key, mixed $value) : void { - $this->GetConfig(); + $this->getConfig(); $this->config[$key] = $value; // Only write if this isn't called in between startTransaction() and commitTransaction(). if ($this->noWrite !== true) { - $this->WriteConfig(); + $this->writeConfig(); } } @@ -317,7 +317,7 @@ class ConfigurationManager * followed by a call to commitTransaction(), which then writes all changes to disk. */ public function startTransaction() : void { - $this->GetConfig(); + $this->getConfig(); $this->noWrite = true; } @@ -326,13 +326,13 @@ class ConfigurationManager */ public function commitTransaction() : void { try { - $this->WriteConfig(); + $this->writeConfig(); } finally { $this->noWrite = false; } } - public function GetAndGenerateSecret(string $secretId) : string { + public function getAndGenerateSecret(string $secretId) : string { if ($secretId === '') { return ''; } @@ -344,24 +344,24 @@ class ConfigurationManager } if ($secretId === 'BORGBACKUP_PASSWORD' && !file_exists(DataConst::GetBackupSecretFile())) { - $this->DoubleSafeBackupSecret($secrets[$secretId]); + $this->doubleSafeBackupSecret($secrets[$secretId]); } return $secrets[$secretId]; } - public function GetRegisteredSecret(string $secretId) : string { + public function getRegisteredSecret(string $secretId) : string { if ($this->secrets[$secretId]) { - return $this->GetAndGenerateSecret($secretId); + return $this->getAndGenerateSecret($secretId); } throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json."); } - public function RegisterSecret(string $secretId) : void { + public function registerSecret(string $secretId) : void { $this->secrets[$secretId] = true; } - private function DoubleSafeBackupSecret(string $borgBackupPassword) : void { + private function doubleSafeBackupSecret(string $borgBackupPassword) : void { file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword); } @@ -373,7 +373,7 @@ class ConfigurationManager } } - public function GetLastBackupTime() : string { + public function getLastBackupTime() : string { if (!file_exists(DataConst::GetBackupArchivesList())) { return ''; } @@ -398,7 +398,7 @@ class ConfigurationManager return $lastBackupTime; } - public function GetBackupTimes() : array { + public function getBackupTimes() : array { if (!file_exists(DataConst::GetBackupArchivesList())) { return []; } @@ -441,7 +441,7 @@ class ConfigurationManager * * We can't turn this into a private validation method because of the second argument. */ - public function SetDomain(string $domain, bool $skipDomainValidation) : void { + public function setDomain(string $domain, bool $skipDomainValidation) : void { // Validate that at least one dot is contained if (!str_contains($domain, '.')) { throw new InvalidSettingConfigurationException("Domain must contain at least one dot!"); @@ -508,7 +508,7 @@ class ConfigurationManager } // Get Instance ID - $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID'); + $instanceID = $this->getAndGenerateSecret('INSTANCE_ID'); // set protocol if ($port !== '443') { @@ -555,7 +555,7 @@ class ConfigurationManager $this->commitTransaction(); } - public function GetBaseDN() : string { + public function getBaseDN() : string { $domain = $this->domain; if ($domain === "") { return ""; @@ -566,15 +566,15 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function SetBorgLocationVars(string $location, string $repo) : void { - $this->ValidateBorgLocationVars($location, $repo); + public function setBorgLocationVars(string $location, string $repo) : void { + $this->validateBorgLocationVars($location, $repo); $this->startTransaction(); $this->borgBackupHostLocation = $location; $this->borgRemoteRepo = $repo; $this->commitTransaction(); } - private function ValidateBorgLocationVars(string $location, string $repo) : void { + private function validateBorgLocationVars(string $location, string $repo) : void { if ($location === '' && $repo === '') { throw new InvalidSettingConfigurationException("Please enter a path or a remote repo url!"); } elseif ($location !== '' && $repo !== '') { @@ -600,11 +600,11 @@ class ConfigurationManager } } else { - $this->ValidateBorgRemoteRepo($repo); + $this->validateBorgRemoteRepo($repo); } } - private function ValidateBorgRemoteRepo(string $repo) : void { + private function validateBorgRemoteRepo(string $repo) : void { $commonMsg = "For valid urls, see the remote examples at https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls"; if ($repo === "") { // Ok, remote repo is optional @@ -615,7 +615,7 @@ class ConfigurationManager } } - public function DeleteBorgBackupLocationItems() : void { + public function deleteBorgBackupLocationItems() : void { // Delete the variables $this->startTransaction(); $this->borgBackupHostLocation = ''; @@ -633,8 +633,8 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function SetBorgRestoreLocationVarsAndPassword(string $location, string $repo, string $password) : void { - $this->ValidateBorgLocationVars($location, $repo); + public function setBorgRestoreLocationVarsAndPassword(string $location, string $repo, string $password) : void { + $this->validateBorgLocationVars($location, $repo); if ($password === '') { throw new InvalidSettingConfigurationException("Please enter the password!"); @@ -651,7 +651,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function ChangeMasterPassword(string $currentPassword, string $newPassword) : void { + public function changeMasterPassword(string $currentPassword, string $newPassword) : void { if ($currentPassword === '') { throw new InvalidSettingConfigurationException("Please enter your current password."); } @@ -679,7 +679,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - private function WriteConfig() : void { + private function writeConfig() : void { if(!is_dir(DataConst::GetDataDirectory())) { throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!"); } @@ -697,7 +697,7 @@ class ConfigurationManager $this->config = []; } - private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string { + private function getEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string { $envVariableOutput = getenv($envVariableName); $configValue = $this->get($configName, ''); if ($envVariableOutput === false) { @@ -716,7 +716,7 @@ class ConfigurationManager return $envVariableOutput; } - public function GetBorgPublicKey() : string { + public function getBorgPublicKey() : string { if (!file_exists(DataConst::GetBackupPublicKey())) { return ""; } @@ -724,7 +724,7 @@ class ConfigurationManager return trim((string)file_get_contents(DataConst::GetBackupPublicKey())); } - public function GetCollaboraSeccompPolicy() : string { + public function getCollaboraSeccompPolicy() : string { $defaultString = '--o:security.seccomp='; if (!$this->collaboraSeccompDisabled) { return $defaultString . 'true'; @@ -735,7 +735,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates, bool $successNotification) : void { + public function setDailyBackupTime(string $time, bool $enableAutomaticUpdates, bool $successNotification) : void { if ($time === "") { throw new InvalidSettingConfigurationException("The daily backup time must not be empty!"); } @@ -757,7 +757,7 @@ class ConfigurationManager file_put_contents(DataConst::GetDailyBackupTimeFile(), $time); } - public function GetDailyBackupTime() : string { + public function getDailyBackupTime() : string { if (!file_exists(DataConst::GetDailyBackupTimeFile())) { return ''; } @@ -779,7 +779,7 @@ class ConfigurationManager } } - public function DeleteDailyBackupTime() : void { + public function deleteDailyBackupTime() : void { if (file_exists(DataConst::GetDailyBackupTimeFile())) { unlink(DataConst::GetDailyBackupTimeFile()); } @@ -788,7 +788,7 @@ class ConfigurationManager /** * @throws InvalidSettingConfigurationException */ - public function SetAdditionalBackupDirectories(string $additionalBackupDirectories) : void { + public function setAdditionalBackupDirectories(string $additionalBackupDirectories) : void { $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories); $validDirectories = ''; foreach($additionalBackupDirectoriesArray as $entry) { @@ -809,15 +809,15 @@ class ConfigurationManager } } - public function GetAdditionalBackupDirectoriesString() : string { + public function getAdditionalBackupDirectoriesString() : string { if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) { return ''; } return (string)file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile()); } - public function GetAdditionalBackupDirectoriesArray() : array { - $additionalBackupDirectories = $this->GetAdditionalBackupDirectoriesString(); + public function getAdditionalBackupDirectoriesArray() : array { + $additionalBackupDirectories = $this->getAdditionalBackupDirectoriesString(); $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories); $additionalBackupDirectoriesArray = array_unique($additionalBackupDirectoriesArray, SORT_REGULAR); return $additionalBackupDirectoriesArray; @@ -854,7 +854,7 @@ class ConfigurationManager return false; } - public function GetNextcloudStartupApps() : string { + public function getNextcloudStartupApps() : string { $apps = getenv('NEXTCLOUD_STARTUP_APPS'); if (is_string($apps)) { return trim($apps); @@ -878,7 +878,7 @@ class ConfigurationManager /** * Provide an extra method since the corresponding attribute setter prevents setting an empty value. */ - public function DeleteCollaboraDictionaries() : void { + public function deleteCollaboraDictionaries() : void { $this->set('collabora_dictionaries', ''); } @@ -1007,7 +1007,7 @@ class ConfigurationManager private function getPlaceholderValue(string $placeholder) : string { return match ($placeholder) { 'NC_DOMAIN' => $this->domain, - 'NC_BASE_DN' => $this->GetBaseDN(), + 'NC_BASE_DN' => $this->getBaseDN(), 'AIO_TOKEN' => $this->aioToken, 'BORGBACKUP_REMOTE_REPO' => $this->borgRemoteRepo, 'BORGBACKUP_MODE' => $this->backupMode, @@ -1037,11 +1037,11 @@ class ConfigurationManager 'BORG_RETENTION_POLICY' => $this->borgRetentionPolicy, 'FULLTEXTSEARCH_JAVA_OPTIONS' => $this->fulltextsearchJavaOptions, 'NEXTCLOUD_TRUSTED_CACERTS_DIR' => $this->trustedCacertsDir, - 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->GetAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', + 'ADDITIONAL_DIRECTORIES_BACKUP' => $this->getAdditionalBackupDirectoriesString() !== '' ? 'yes' : '', 'BORGBACKUP_HOST_LOCATION' => $this->borgBackupHostLocation, - 'APACHE_MAX_SIZE' => (string)($this->GetApacheMaxSize()), - 'COLLABORA_SECCOMP_POLICY' => $this->GetCollaboraSeccompPolicy(), - 'NEXTCLOUD_STARTUP_APPS' => $this->GetNextcloudStartupApps(), + 'APACHE_MAX_SIZE' => (string)($this->getApacheMaxSize()), + 'COLLABORA_SECCOMP_POLICY' => $this->getCollaboraSeccompPolicy(), + 'NEXTCLOUD_STARTUP_APPS' => $this->getNextcloudStartupApps(), 'NEXTCLOUD_ADDITIONAL_APKS' => $this->nextcloudAdditionalApks, 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS' => $this->nextcloudAdditionalPhpExtensions, 'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '', @@ -1052,7 +1052,7 @@ class ConfigurationManager 'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '', 'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '', 'AIO_VERSION' => $this->getAioVersion(), - default => $this->GetRegisteredSecret($placeholder), + default => $this->getRegisteredSecret($placeholder), }; } diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index db48dc2c..6fea395f 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -383,7 +383,7 @@ readonly class DockerActionManager { // Make volumes read only in case of borgbackup container. The viewer makes them writeable $isReadOnly = $container->identifier === 'nextcloud-aio-borgbackup'; - foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) { + foreach ($this->configurationManager->getAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) { if ($additionalBackupDirectories !== '') { if (!str_starts_with($additionalBackupDirectories, '/')) { $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly]; @@ -940,7 +940,7 @@ readonly class DockerActionManager { } public function GetAndGenerateSecretWrapper(string $secretId): string { - return $this->configurationManager->GetAndGenerateSecret($secretId); + return $this->configurationManager->getAndGenerateSecret($secretId); } public function isNextcloudImageOutdated(): bool { From caac0443b3c2639761336d2e9cb639b3a6600d25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:36 +0000 Subject: [PATCH 1035/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/alpine Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/alpine/Dockerfile b/Containers/alpine/Dockerfile index 718c5510..1098b4c4 100644 --- a/Containers/alpine/Dockerfile +++ b/Containers/alpine/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ apk upgrade --no-cache -a From 120c9ba9274649e141eea4c5e39c04b8bd2cd804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:42 +0000 Subject: [PATCH 1036/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/borgbackup Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/borgbackup/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/borgbackup/Dockerfile b/Containers/borgbackup/Dockerfile index 97d6198b..6e3180cb 100644 --- a/Containers/borgbackup/Dockerfile +++ b/Containers/borgbackup/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ \ From da70dafa3d96799bbcef956d5bfda5a88e02298e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:45 +0000 Subject: [PATCH 1037/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/clamav Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/clamav/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/clamav/Dockerfile b/Containers/clamav/Dockerfile index e81fb06e..6910ae1c 100644 --- a/Containers/clamav/Dockerfile +++ b/Containers/clamav/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ apk upgrade --no-cache -a; \ From b3a4eda249f570ef1c7318615f46b11c5f05ab10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:46 +0000 Subject: [PATCH 1038/1064] build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.8.1.1 to 25.04.8.2.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.8.2.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/collabora/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/collabora/Dockerfile b/Containers/collabora/Dockerfile index 976360cb..d1693da0 100644 --- a/Containers/collabora/Dockerfile +++ b/Containers/collabora/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile -FROM collabora/code:25.04.8.1.1 +FROM collabora/code:25.04.8.2.1 USER root ARG DEBIAN_FRONTEND=noninteractive From abdcc9f551c30ae01366c6757a9a0d5550607a03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:52 +0000 Subject: [PATCH 1039/1064] build(deps): bump alpine in /Containers/domaincheck Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/domaincheck/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/domaincheck/Dockerfile b/Containers/domaincheck/Dockerfile index 8122f315..374aba4a 100644 --- a/Containers/domaincheck/Dockerfile +++ b/Containers/domaincheck/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache bash lighttpd netcat-openbsd; \ From 8e48e92ebcfbdd0a88f1fda6d8680cb694c99dda Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:07:58 +0000 Subject: [PATCH 1040/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/imaginary Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 650c4c67..b108ac18 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -14,7 +14,7 @@ RUN set -ex; \ build-base; \ go install github.com/h2non/imaginary@"$IMAGINARY_HASH"; -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ From d6f1bdd8d39b3d00d2a0bad2a29d7aed67daf0fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:08:35 +0000 Subject: [PATCH 1041/1064] build(deps): bump alpine in /Containers/notify-push Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/notify-push/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/notify-push/Dockerfile b/Containers/notify-push/Dockerfile index 425115c4..838c847c 100644 --- a/Containers/notify-push/Dockerfile +++ b/Containers/notify-push/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM alpine:3.23.2 +FROM alpine:3.23.3 COPY --chmod=775 start.sh /start.sh COPY --chmod=775 healthcheck.sh /healthcheck.sh From 3ba704b233f89ba00099e2d5db11b31a5a737c5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:08:41 +0000 Subject: [PATCH 1042/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/talk Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index fc8cc54a..e8d3d72f 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -2,7 +2,7 @@ FROM nats:2.12.4-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling -FROM alpine:3.23.2 AS janus +FROM alpine:3.23.3 AS janus ARG JANUS_VERSION=v1.3.3 WORKDIR /src @@ -35,7 +35,7 @@ RUN set -ex; \ make configs; \ rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample -FROM alpine:3.23.2 +FROM alpine:3.23.3 ENV ETURNAL_ETC_DIR="/conf" ENV SKIP_CERT_VERIFY=false COPY --from=janus --chmod=777 --chown=1000:1000 /usr/local /usr/local From a72b79f63bad3f1c3613692b728d2ba74128e46b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 04:08:55 +0000 Subject: [PATCH 1043/1064] build(deps): bump alpine from 3.23.2 to 3.23.3 in /Containers/watchtower Bumps alpine from 3.23.2 to 3.23.3. --- updated-dependencies: - dependency-name: alpine dependency-version: 3.23.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index 83bccc07..fc9ea093 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -9,7 +9,7 @@ RUN set -ex; \ build-base; \ go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.0 -FROM alpine:3.23.2 +FROM alpine:3.23.3 RUN set -ex; \ apk upgrade --no-cache -a; \ From 7de7ee1244bd19107da284ce0427bc0415d1b58a Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 29 Jan 2026 09:47:21 +0100 Subject: [PATCH 1044/1064] apply suggestion Signed-off-by: Simon L. --- .github/pull_request_template.md | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 7958ceab..0350cecc 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -5,21 +5,4 @@ --> * Resolves: # - -## Summary - - -## TODO - -- [ ] ... - -## Checklist - -- Code is [properly formatted](https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/continuous_integration.html#linting) -- [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits -- [ ] Tests ([unit](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#unit-tests), [integration](https://docs.nextcloud.com/server/latest/developer_manual/app_development/tutorial.html#integration-tests), api and/or acceptance) are included -- [ ] Screenshots before/after for front-end changes -- [ ] Documentation ([manuals](https://github.com/nextcloud/documentation/) or wiki) has been updated or is not required -- [ ] [Backports requested](https://github.com/nextcloud/backportbot/#usage) where applicable (ex: critical bugfixes) -- [ ] [Labels added](https://github.com/nextcloud/server/labels) where applicable (ex: bug/enhancement, `3. to review`, feature component) -- [ ] [Milestone added](https://github.com/nextcloud/server/milestones) for target branch/version (ex: 32.x for `stable32`) +* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits From b47e89468157cba66f2c1d3f78a344bf38abc199 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 29 Jan 2026 09:54:34 +0100 Subject: [PATCH 1045/1064] increase timeout for backup restore Signed-off-by: Simon L. --- php/tests/tests/restore-instance.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/tests/tests/restore-instance.spec.js b/php/tests/tests/restore-instance.spec.js index e93cf340..696a4376 100644 --- a/php/tests/tests/restore-instance.spec.js +++ b/php/tests/tests/restore-instance.spec.js @@ -74,7 +74,7 @@ test('Restore instance', async ({ page: setupPage }) => { dialog.accept() }); await containersPage.getByRole('button', { name: 'Start and update containers' }).click(); - await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 }); + await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 8 * 60 * 1000 }); await expect(containersPage.getByRole('main')).toContainText(initialNextcloudPassword); // Verify that containers are all stopped From ff3fb24fa772f02825351af5adda03364c77195b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jan 2026 12:10:04 +0000 Subject: [PATCH 1046/1064] build(deps): bump peter-evans/create-pull-request in /.github/workflows Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.11 to 8.1.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/22a9089034f40e5a961c8808d113e2c98fb63676...c0f553fe549906ede9cf27b5156039d195d2ece0) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/collabora.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index 81ea8ff1..a61067f3 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -18,7 +18,7 @@ jobs: mv cool-seccomp-profile.json php/ - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: collabora-seccomp-update automated change signoff: true diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 7bdc5d1a..3805a0d0 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -44,7 +44,7 @@ jobs: )" sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: php dependency updates signoff: true diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 171fb132..05050a20 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -22,7 +22,7 @@ jobs: sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: imaginary-update automated change signoff: true diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index 5b420c20..b2475290 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -79,7 +79,7 @@ jobs: fi - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: nextcloud-update automated change signoff: true diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 0c2f8aee..bcbb12c3 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -30,7 +30,7 @@ jobs: continue-on-error: true - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 28f9fef7..b19e1cb5 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -45,7 +45,7 @@ jobs: sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: talk-update automated change signoff: true diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 2dcd2e73..92cbb978 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -23,7 +23,7 @@ jobs: sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: Helm Chart updates signoff: true diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index a60ea1c6..6e150261 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -16,7 +16,7 @@ jobs: run: | sudo bash manual-install/update-yaml.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: Yaml updates signoff: true diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index c04657be..ecd82a69 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -26,7 +26,7 @@ jobs: sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7 with: commit-message: watchtower-update automated change signoff: true From c64ecba63c3ce3e5b07b1ffb566b5a9a5811ac6b Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 28 Jan 2026 18:46:01 +0100 Subject: [PATCH 1047/1064] Update GPG key import method in entrypoint.sh Signed-off-by: Simon L. --- Containers/nextcloud/entrypoint.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 5f47a0f4..d4b4f253 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -182,8 +182,11 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/latest-${NEXT_MAJOR}.tar.bz2.asc" GNUPGHOME="$(mktemp -d)" export GNUPGHOME - # gpg key from https://nextcloud.com/nextcloud.asc - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A + if ! gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; then + if ! gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 28806A878AE423A28372792ED75899B9A724937A; then + curl -sSL https://nextcloud.com/nextcloud.asc | gpg --import + fi + fi gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2 mkdir -p /usr/src/tmp tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/ From a5efaafef20f1b60116021489db566807a7deb71 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 29 Jan 2026 13:54:31 +0100 Subject: [PATCH 1048/1064] update-yaml.sh: remove the `NC_AIO_VERSION` Signed-off-by: Simon L. --- manual-install/update-yaml.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh index af746aee..928275da 100644 --- a/manual-install/update-yaml.sh +++ b/manual-install/update-yaml.sh @@ -47,6 +47,7 @@ sed -i '/AIO_URL/d' containers.yml sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml sed -i '/TURN_DOMAIN/d' containers.yml +sed -i '/NC_AIO_VERSION/d' containers.yml TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)" mapfile -t TCP <<< "$TCP" From ffd8dac1b4e95c05e7c0c27d66653576d0ffeb6e Mon Sep 17 00:00:00 2001 From: MrAn0nym <63542658+MrAn0nym@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:29:15 +0100 Subject: [PATCH 1049/1064] Fix: Additional Collabora options not working correctly (#7481) Signed-off-by: MrAn0nym <63542658+MrAn0nym@users.noreply.github.com> Signed-off-by: Simon L. Co-authored-by: Simon L. Co-authored-by: Pablo Zmdl <57864086+pabzm@users.noreply.github.com> --- php/src/Docker/DockerActionManager.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index 6fea395f..a8891c3c 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -420,7 +420,13 @@ readonly class DockerActionManager { // Additional Collabora options if ($this->configurationManager->collaboraAdditionalOptions !== '') { - $requestBody['Cmd'] = [$this->configurationManager->collaboraAdditionalOptions]; + // Split the list of Collabora options, which are stored as a string but must be assigned as an array. + // To avoid problems with whitespace or dashes in option arguments we use a regular expression + // that splits the string at every position where a whitespace is followed by '--o:'. + // The leading whitespace is removed in the split but the following characters are not. + // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"] + $regEx = '/\s+(?=--o:)/'; + $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions)); } } From ec6850be6371249654f5834bfe85182d0450b2f7 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 29 Jan 2026 15:04:23 +0100 Subject: [PATCH 1050/1064] aio-interface: rename Collabora everywhere to Nextcloud Office Signed-off-by: Simon L. --- .../includes/optional-containers.twig | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index dcf59bfb..68c8689d 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -228,10 +228,10 @@ {% endif %} {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %} -

      Collabora dictionaries

      +

      Nextcloud Office dictionaries

      {% if collabora_dictionaries == "" %} -

      In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:

      +

      In order to get the correct dictionaries in Nextcloud Office, you may configure the dictionaries below:

      @@ -240,34 +240,34 @@

      You need to make sure that the dictionaries that you enter are valid. An example is de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru.

      {% else %} -

      The dictionaries for Collabora are currently set to {{ collabora_dictionaries }}. You can reset them again by clicking on the button below.

      +

      The dictionaries for Nextcloud Office are currently set to {{ collabora_dictionaries }}. You can reset them again by clicking on the button below.

      - +
      {% endif %} -

      Additional Collabora options

      +

      Additional Nextcloud Office options

      {% if collabora_additional_options == "" %} -

      You can configure additional options for collabora below.

      +

      You can configure additional options for Nextcloud Office below.

      (This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)

      - +

      You need to make sure that the options that you enter are valid. An example is --o:net.content_security_policy=frame-ancestors *.example.com:*;.

      {% else %} -

      The additioinal options for Collabora are currently set to {{ collabora_additional_options }}. You can reset them again by clicking on the button below.

      +

      The additioinal options for Nextcloud Office are currently set to {{ collabora_additional_options }}. You can reset them again by clicking on the button below.

      - +
      {% endif %} {% endif %} From 12b065f9b629fc094a80125ec3263594d7343cd5 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Thu, 29 Jan 2026 16:11:04 +0100 Subject: [PATCH 1051/1064] Adjust local-ai community container to add Vulkan support (#5797) Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Co-authored-by: Simon L. --- community-containers/caddy/readme.md | 3 +- community-containers/local-ai/local-ai.json | 49 ++++++++++++++------- community-containers/local-ai/readme.md | 19 +++----- 3 files changed, 42 insertions(+), 29 deletions(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 803bbec2..fd2f30ef 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -1,5 +1,5 @@ ## Caddy with geoblocking -This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. +This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. ### Notes - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time! @@ -14,6 +14,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb. - If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr. - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter. +- If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json index 8e2aedb3..fceb4394 100644 --- a/community-containers/local-ai/local-ai.json +++ b/community-containers/local-ai/local-ai.json @@ -4,42 +4,59 @@ "container_name": "nextcloud-aio-local-ai", "display_name": "Local AI", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai", - "image": "ghcr.io/szaimen/aio-local-ai", - "image_tag": "v2", - "internal_port": "8080", + "image": "ghcr.io/docjyj/aio-local-ai-vulkan", + "image_tag": "v1", + "internal_port": "10078", "restart": "unless-stopped", "environment": [ "TZ=%TIMEZONE%", - "MODELS_PATH=/models" + "LOCALAI_API_KEY=%LOCALAI_API_KEY%", + "LOCALAI_ADDRESS=:10078", + "LOCALAI_CONFIG_DIR=/configuration", + "LOCALAI_MODEL_PATH=/models", + "LOCALAI_BACKEND_PATH=/backends" + ], + "ports": [ + { + "ip_binding": "%APACHE_IP_BINDING%", + "port_number": "10078", + "protocol": "tcp" + } ], "volumes": [ + { + "source": "nextcloud_aio_localai_configuration", + "destination": "/configuration", + "writeable": true + }, { "source": "nextcloud_aio_localai_models", "destination": "/models", "writeable": true }, { - "source": "nextcloud_aio_localai_images", - "destination": "/tmp/generated/images/", + "source": "nextcloud_aio_localai_backends", + "destination": "/backends", "writeable": true - }, - { - "source": "%NEXTCLOUD_DATADIR%", - "destination": "/nextcloud", - "writeable": false } ], - "enable_nvidia_gpu": false, + "secrets": [ + "LOCALAI_API_KEY" + ], + "ui_secret": "LOCALAI_API_KEY", + "devices": [ + "/dev/dri" + ], "nextcloud_exec_commands": [ - "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-local-ai'", - "touch '/mnt/ncdata/admin/files/nextcloud-aio-local-ai/models.yaml'", - "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'", - "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'", "php /var/www/html/occ app:install integration_openai", "php /var/www/html/occ app:enable integration_openai", "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080", + "php /var/www/html/occ config:app:set integration_openai api_key --value %LOCALAI_API_KEY%", "php /var/www/html/occ app:install assistant", "php /var/www/html/occ app:enable assistant" + ], + "backup_volumes": [ + "nextcloud_aio_localai_configuration" ] } ] diff --git a/community-containers/local-ai/readme.md b/community-containers/local-ai/readme.md index 2ab05996..02722bd0 100644 --- a/community-containers/local-ai/readme.md +++ b/community-containers/local-ai/readme.md @@ -1,21 +1,16 @@ ## Local AI -This container bundles Local AI and auto-configures it for you. +This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan. ### Notes -- Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast. -- After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/mudler/LocalAI/blob/master/gallery/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated. -- Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space): -```yaml -# Stable Diffusion in NCNN with c++, supported txt2img and img2img -- url: github:mudler/LocalAI/blob/master/gallery/stablediffusion.yaml - name: Stable_diffusion -``` -- To make it work, you first need to browse `https://your-nc-domain.com/settings/admin/ai` and enable or disable specific features for your models in the openAI settings. Afterwards using the Nextcloud Assistant should work. +Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback! + +- See https://github.com/docjyJ/aio-local-ai-vulkan#getting-started for getting start with this container. - See [this guide](https://github.com/nextcloud/all-in-one/discussions/5430) for how to improve AI task pickup speed +- Note that Nextcloud supports only one server for AI queries, so this container cannot be used at the same time as other AI containers. - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack ### Repository -https://github.com/szaimen/aio-local-ai +https://github.com/docjyJ/aio-local-ai-vulkan ### Maintainer -https://github.com/szaimen +https://github.com/docjyJ From b55260842d10195d104193cbb0d708a49f519b96 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jan 2026 04:07:42 +0000 Subject: [PATCH 1052/1064] build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.3.1-alpine to 3.3.2-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.3.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/docker-socket-proxy/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/docker-socket-proxy/Dockerfile b/Containers/docker-socket-proxy/Dockerfile index 62590f6f..ffc867a8 100644 --- a/Containers/docker-socket-proxy/Dockerfile +++ b/Containers/docker-socket-proxy/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM haproxy:3.3.1-alpine +FROM haproxy:3.3.2-alpine # hadolint ignore=DL3002 USER root From 716d3b0f17e6ce3805d0c94bfa7c5bcbc112550b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jan 2026 04:08:51 +0000 Subject: [PATCH 1053/1064] build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.5.3 to v1.5.4. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.5.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Containers/whiteboard/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/whiteboard/Dockerfile b/Containers/whiteboard/Dockerfile index 3a3c5542..c83dd46b 100644 --- a/Containers/whiteboard/Dockerfile +++ b/Containers/whiteboard/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile -FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.3 +FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.4 USER root RUN set -ex; \ From 748b2cc73b6182c2df4ac2f16f54d84ad665f7a2 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 09:20:00 +0100 Subject: [PATCH 1054/1064] only allow to set `APACHE_ADDITIONAL_NETWORK` via environmental variable and do not restore it on backup restore Signed-off-by: Simon L. --- php/src/Data/ConfigurationManager.php | 13 ++++++++----- php/src/Docker/DockerActionManager.php | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index e65d5504..7534acda 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -263,11 +263,6 @@ class ConfigurationManager set { $this->set('collabora_seccomp_disabled', $value); } } - public string $apacheAdditionalNetwork { - get => $this->getEnvironmentalVariableOrConfig('APACHE_ADDITIONAL_NETWORK', 'apache_additional_network', ''); - set { $this->set('apache_additional_network', $value); } - } - public bool $disableBackupSection { get => $this->booleanize($this->getEnvironmentalVariableOrConfig('AIO_DISABLE_BACKUP_SECTION', 'disable_backup_section', '')); set { $this->set('disable_backup_section', $value); } @@ -854,6 +849,14 @@ class ConfigurationManager return false; } + public function getApacheAdditionalNetwork() : string { + $network = getenv('APACHE_ADDITIONAL_NETWORK'); + if (is_string($network)) { + return trim($network); + } + return ''; + } + public function getNextcloudStartupApps() : string { $apps = getenv('NEXTCLOUD_STARTUP_APPS'); if (is_string($apps)) { diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index a8891c3c..86b36619 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -843,7 +843,7 @@ readonly class DockerActionManager { $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, alias: $alias); if ($container->identifier === 'nextcloud-aio-apache' || $container->identifier === 'nextcloud-aio-domaincheck') { - $apacheAdditionalNetwork = $this->configurationManager->apacheAdditionalNetwork; + $apacheAdditionalNetwork = $this->configurationManager->getApacheAdditionalNetwork(); if ($apacheAdditionalNetwork !== '') { $this->ConnectContainerIdToNetwork($container->identifier, $container->internalPorts, $apacheAdditionalNetwork, false, $alias); } From a037be95c73fed8bca8f73482a3b311c5196c3e4 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 09:51:08 +0100 Subject: [PATCH 1055/1064] fix remaining rename of collabora to Nextcloud Office Signed-off-by: Simon L. --- php/templates/includes/optional-containers.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 68c8689d..eabcb139 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -236,7 +236,7 @@ - +

      You need to make sure that the dictionaries that you enter are valid. An example is de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru.

      {% else %} From b1cea36dfa47ffcf3e631b274f702ca160322371 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 11:30:59 +0100 Subject: [PATCH 1056/1064] add a workflow that blocks merging if a pre-release was published Signed-off-by: Simon L. --- .github/workflows/fail-on-prerelease.yml | 50 ++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/fail-on-prerelease.yml diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml new file mode 100644 index 00000000..5efbe242 --- /dev/null +++ b/.github/workflows/fail-on-prerelease.yml @@ -0,0 +1,50 @@ +name: Fail on prerelease + +on: + pull_request: + +permissions: + contents: read + +jobs: + check-latest-release: + runs-on: ubuntu-latest + steps: + - name: "Check latest published release isn't a prerelease" + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + with: + script: | + const tags = await github.rest.repos.listTags({ + owner: context.repo.owner, + repo: context.repo.repo, + per_page: 1 + }); + + if (!tags.data || tags.data.length === 0) { + core.info('No tags found for this repository; skipping prerelease check.'); + return; + } + + const latestTag = tags.data[0].name; + core.info(`Latest tag found: ${latestTag}`); + + try { + const { data } = await github.rest.repos.getReleaseByTag({ + owner: context.repo.owner, + repo: context.repo.repo, + tag: latestTag + }); + + if (data.prerelease) { + core.setFailed(`Release for tag ${latestTag} (${data.tag_name}) is a prerelease. Blocking merges to main as we need to wait for the prerelease to become stable.`); + } else { + core.info(`Release for tag ${latestTag} (${data.tag_name}) is not a prerelease.`); + } + + } catch (err) { + if (err.status === 404) { + core.info(`No release found for tag ${latestTag}; skipping prerelease check.`); + } else { + throw err; + } + } From dae8102088335542bcb789bcd9fbfe5d9e085512 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 15:00:48 +0100 Subject: [PATCH 1057/1064] rename name of workflow Signed-off-by: Simon L. --- .github/workflows/fail-on-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 5efbe242..12a288bb 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -1,4 +1,4 @@ -name: Fail on prerelease +name: Block if prerelease is present on: pull_request: From 88b2121eaad9b47490f857ff26492054410f86e6 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sun, 1 Feb 2026 11:37:51 +0100 Subject: [PATCH 1058/1064] hotfix: Update Nextcloud integration URL for local AI Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/local-ai/local-ai.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json index fceb4394..e906b5a7 100644 --- a/community-containers/local-ai/local-ai.json +++ b/community-containers/local-ai/local-ai.json @@ -50,7 +50,7 @@ "nextcloud_exec_commands": [ "php /var/www/html/occ app:install integration_openai", "php /var/www/html/occ app:enable integration_openai", - "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080", + "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:10078", "php /var/www/html/occ config:app:set integration_openai api_key --value %LOCALAI_API_KEY%", "php /var/www/html/occ app:install assistant", "php /var/www/html/occ app:enable assistant" From cba66dec0b956ce10742f0285f6adf915795fbf8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 10:11:00 +0100 Subject: [PATCH 1059/1064] daily-backup.sh: continue with script if wasStartButtonClicked=true was found Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index d11f3e85..fd68e981 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then +if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From 82cbbe1829b15dcf3884b33be739133127e8c364 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 2 Feb 2026 07:28:42 +0100 Subject: [PATCH 1060/1064] Wrap ConfigurationController#SetConfig into a "transaction" This avoids a lot of subsequent writes and reads from the file system, because now only commitTransaction() actually writes the config file. Signed-off-by: Pablo Zmdl Signed-off-by: Simon L. --- php/src/Controller/ConfigurationController.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index bb55e10f..c40ee98c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -17,6 +17,7 @@ readonly class ConfigurationController { public function SetConfig(Request $request, Response $response, array $args): Response { try { + $this->configurationManager->startTransaction(); if (isset($request->getParsedBody()['domain'])) { $domain = $request->getParsedBody()['domain'] ?? ''; $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']); @@ -137,6 +138,8 @@ readonly class ConfigurationController { } catch (InvalidSettingConfigurationException $ex) { $response->getBody()->write($ex->getMessage()); return $response->withStatus(422); + } finally { + $this->configurationManager->commitTransaction(); } } } From cfff44954bcb19b968612ae70c603d97c99d0611 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 10:28:57 +0100 Subject: [PATCH 1061/1064] increase version to 12.6.1 Signed-off-by: Simon L. --- php/templates/includes/aio-version.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index 062985d4..1b62f917 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.6.0 +12.6.1 From c84416df5df8f5efa41be0aadd57b93938914846 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 11:06:08 +0100 Subject: [PATCH 1062/1064] fix daily-backup.sh edge case Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index fd68e981..cd6e54b3 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then +if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From b8f594b09a2fa97e998ccd195cf4628f530d6972 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 11:22:43 +0100 Subject: [PATCH 1063/1064] fix logic detail Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index cd6e54b3..89ef3cd5 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then +if ! [ -f "$CONFIG_FILE" ] || (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" && ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From e95f5cc590f162f2c3c9ac359b5961d1355aca9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 13:26:38 +0000 Subject: [PATCH 1064/1064] build(deps): bump actions/github-script in /.github/workflows Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/d7906e4ad0b1822421a7e6a35d5ca353c962f410...ed597411d8f924073f98dfc5c65a23a2325f34cd) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/fail-on-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 12a288bb..a5b876c3 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check latest published release isn't a prerelease" - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6 with: script: | const tags = await github.rest.repos.listTags({